diff --git a/docusaurus.config.js b/docusaurus.config.js index 26155abf3..be7eb449c 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -474,8 +474,8 @@ const config = { logoClass: "prisma", docs: [ { - label: "Get Started 1.0", - to: "access/docs/insights/getting_started-10", + label: "Get Started 3.0", + to: "access/docs/insights/getting_started-30", icon: "doc", }, { @@ -483,6 +483,11 @@ const config = { to: "access/docs/insights/getting_started-20", icon: "doc", }, + { + label: "Get Started 1.0", + to: "access/docs/insights/getting_started-10", + icon: "doc", + }, { label: "API FAQs", to: "access/docs/insights/pai-faqs", @@ -496,10 +501,15 @@ const config = { icon: "api-doc", }, { - to: "access/api/insights", + to: "access/api/insights/2.0", label: "Prisma Access Insights 2.0", icon: "api-doc", }, + { + to: "access/api/insights", + label: "Prisma Access Insights 3.0", + icon: "api-doc", + }, ], }, { @@ -650,13 +660,19 @@ const config = { sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, }, insights: { - specPath: "openapi-specs/access/insights/2.0", + specPath: "openapi-specs/access/insights/3.0", outputDir: "products/access/api/insights", sidebarOptions: { groupPathsBy: "tag" }, - version: "2.0", - label: "v2.0", + version: "3.0", + label: "v3.0", baseUrl: "/access/api/insights/", versions: { + "2.0": { + specPath: "openapi-specs/access/insights/2.0", + outputDir: "products/access/api/insights/2.0", + label: "v2.0", + baseUrl: "/access/api/insights/2.0/", + }, "1.0": { specPath: "openapi-specs/access/insights/1.0", outputDir: "products/access/api/insights/1.0", @@ -760,6 +776,7 @@ const config = { showExtensions: true, sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, baseUrl: "/prisma-cloud/api/", + hideSendButton: true, }, cspm: { specPath: "openapi-specs/cspm", @@ -777,9 +794,10 @@ const config = { specPath: "openapi-specs/compute", outputDir: "products/compute/api", sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, - version: "32.05", - label: "v32.05", + version: "32.06", + label: "v32.06", showExtensions: true, + hideSendButton: true, baseUrl: "/compute/api/", versions: { 31.02: { @@ -796,13 +814,6 @@ const config = { }, }, }, - compute_3201: { - specPath: "openapi-specs/compute/32-01", - outputDir: "products/compute/api/32-01", - showExtensions: true, - sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, - baseUrl: "/compute/api/32-01/", - }, compute_3202: { specPath: "openapi-specs/compute/32-02", outputDir: "products/compute/api/32-02", @@ -824,6 +835,13 @@ const config = { sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, baseUrl: "/compute/api/32-04/", }, + compute_3205: { + specPath: "openapi-specs/compute/32-05", + outputDir: "products/compute/api/32-05", + showExtensions: true, + sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, + baseUrl: "/compute/api/32-05/", + }, }, }, ], diff --git a/firebase.json b/firebase.json index c2cf77e17..897ca5df1 100644 --- a/firebase.json +++ b/firebase.json @@ -15,15 +15,6 @@ "value": "no-cache" } ] - }, - { - "source": "**/*", - "headers": [ - { - "key": "Content-Security-Policy", - "value": "default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'sha256-iIf+c/EMxKD/FXoUDy0YsZ3mE+JhzPsmR+aVbrjkdwM=' 'sha256-mC5lwOEBZZZXJoN3sDvzxnxAdNIEKujq9NSXgmhc4HM=' 'sha256-eHA/c1eEwnVIP0JdQf5OoHlH0twlYKVdCPpF0Uxun4U=' 'sha256-HEXSlCvj5t1knUX5S9reED7mj347MrX5NNWmhVKV3AY=' 'sha256-LJv39KYSfXELQ23XLwGsxKqh55fWlLAveXNhE4GJztE=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-IfbgmjMKKAFfhR1EW5CeLOLA6QyZyVAEeldA3Hbac90=' 'sha256-iIf+c/EMxKD/FXoUDy0YsZ3mE+JhzPsmR+aVbrjkdwM=' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com pan.dev https://tagmanager.google.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https://cdn-images-1.medium.com https://medium.com https://www.datocms-assets.com https://www.google-analytics.com https://pan.dev https://raw.githubusercontent.com https://googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://avatars.githubusercontent.com https://github.com https://cdn.twistlock.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.2o7.net https://ssl.gstatic.com https://www.gstatic.com; worker-src 'none'; connect-src https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.paloaltonetworks.com https://cors.pan.dev https://*.algolia.net https://*.googleapis.com https://analytics.google.com https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://panwprod.*.net https://pan.dev; frame-src 'self' https://www.google.com https://*.demdex.net https://td.doubleclick.net;" - } - ] } ], "public": "build", diff --git a/openapi-specs/access/insights/3.0/paloaltonetworks-insights_30.yaml b/openapi-specs/access/insights/3.0/paloaltonetworks-insights_30.yaml new file mode 100644 index 000000000..b14fec3e1 --- /dev/null +++ b/openapi-specs/access/insights/3.0/paloaltonetworks-insights_30.yaml @@ -0,0 +1,2538 @@ +components: + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: support@paloaltonetworks.com + description: "This Open API spec file represents the APIs available for Prisma Access\ + \ Insights 3.0.\nThe Prisma Access Insights 3.0 APIs allow you to query your Prisma\ + \ Access tenant for the health of\nyour Prisma Access network deployment. The\ + \ 3.0 APIs are are intended for cloud-managed Prisma Access\ncustomers, where\ + \ the tenants have been onboarded by Palo Alto Networks using a Tenant Service\ + \ Group\n(TSG) identifier.\n\nThese APIs use the common SASE authentication mechanism\ + \ and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ + \ guide for more information.\n\nThis Open API spec file was created on July 20,\ + \ 2024. To check for a more recent version of this file, see\n[Prisma Insights\ + \ APIs on pan.dev](https://pan.dev//access/api/insights/).\n\n\xA9 2024 Palo Alto\ + \ Networks, Inc. Palo Alto Networks is a registered trademark of Palo\nAlto Networks.\ + \ A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \nAll other marks mentioned herein may be trademarks of their respective companies.\n" + title: Palo Alto Networks 3.0 APIs + version: '3.0' +openapi: 3.0.1 +paths: + /insights/v3.0/resource/query/applications/application_list: + post: + description: "Retrieves list of application. \n" + operationId: post-insights-v3.0-resource-query-applications-application_list + parameters: + - description: CDL Region + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: 'A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. + + ' + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Mandatory Filters: + value: + filter: + rules: + - operator: between + property: event_time + values: + - 1721324700000 + - 1721325600000 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw + Possible Filters: + value: + filter: + rules: + - operator: between + property: event_time + values: + - 1721324700000 + - 1721325600000 + - operator: in + property: mobileuser + values: + - John.Smith + - operator: in + property: experience_score + values: + - poor + - operator: in_nested + property: usergroups + values: + - staff + - operator: in + property: app + values: + - doordash + - operator: in + property: app_category + values: + - saas + - operator: in + property: risk_of_app + values: + - 3 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: platform_type + values: + - prisma_access + - ngfw + - operator: in + property: application_type + values: + - saas + - operator: in + property: security_service_type + values: + - thread_protection + - operator: in + property: source_type + values: + - user + - operator: equals + property: threats_active + values: + - true + - operator: in + property: threat_severity + values: + - Critical + - operator: in + property: threat_category + values: + - Malware + - operator: in + property: deployment_type + values: + - mu + - rn + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - '5' + - operator: in + property: platform_type + values: + - prisma_access + properties: + app: + description: Application name + example: doordash + type: string + app_category: + description: Category of the application + example: saas + type: string + application_type: + description: Type of the application + enum: + - saas + - private_apps + - internet + example: saas + type: string + deployment_type: + description: Filters for specific ADEM deployments + enum: + - mu + - rn + example: mu + type: string + edge_location_display_name: + description: Name of PA location + example: US West + type: string + event_time: + description: Time of the event + example: 1709226000000 + type: integer + experience_score: + description: This filter applies to User/Site experience score. + Any application where user or site experience score matches this + filter values will be returned. + enum: + - poor + - fair + - good + example: poor + type: string + mobileuser: + description: ADEM Mobile user name + example: John.Smith + type: string + platform_type: + description: Platform name + enum: + - prisma_access + - ngfw + example: prisma_access + type: string + risk_of_app: + description: Risk of application + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + example: 3 + type: integer + security_service_type: + description: Security service type + enum: + - threat_protection + - wildfire + - dns_security + - url_filtering + example: thread_protection + type: string + source_type: + description: Type of the source + enum: + - user + - iot + - other + example: user + type: string + threat_category: + description: Category of threats + enum: + - Malware + - Grayware + - Phishing + - C2 + - Vulnerability + example: Malware + type: string + threat_severity: + description: Severity of the threat + enum: + - High + - Critical + - Medium + - Low + - Information + example: Critical + type: string + threats_active: + description: Apps which have seen any threats + enum: + - true + - false + example: false + type: boolean + usergroups: + description: Group of the user + example: staff + type: string + required: + - event_time + - platform_type + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - app: http-video + app_category: media + app_sub_category: photo-video + application_sub_type: unsanctioned + port: 443 + risk_of_app: 4 + rule_name: rule + total_threats: 452 + url_count: 65011 + usage_bytes: 4245407346960 + user_count: 2000 + - app: gmail-base + app_category: saas + app_sub_category: email + application_sub_type: unsanctioned + application_test_name: Gmail + application_test_target_name: mail.google.com + port: 443 + risk_of_app: 4 + rule_name: rule + total_threats: 0 + url_count: 648 + usage_bytes: 1182385504410 + user_count: 10000 + user_exp_score: 89.5 + user_exp_score_verdict: good + user_exp_test_uuid: c4ed3e67-c32a-4be1-94ab-ccffb2ed78d6 + schema: + example: + data: + - accelerated: true + app: doordash + app_category: saas + app_sub_category: sub_category + application_test_name: App Test + application_test_target_name: test_target + avg_throughput: 100.5 + pab_event_count: 5 + port: 443 + risk_of_app: 3 + rule_name: rule_1 + site_exp_score: 90 + site_exp_score_verdict: excellent + site_exp_test_uuid: uuid-5678 + total_threats: 10 + url_count: 250 + usage_bytes: 123456789 + user_count: 5000 + user_exp_score: 85 + user_exp_score_verdict: good + user_exp_test_uuid: uuid-1234 + properties: + accelerated: + description: If application was accelerated + type: boolean + app: + description: Application name + type: string + app_category: + description: Application category + type: string + app_sub_category: + description: Application sub category + type: string + application_test_name: + description: Application test name + type: string + application_test_target_name: + description: Application test target name + type: string + avg_throughput: + description: Average throughput + type: number + pab_event_count: + description: Count of PAB events + type: integer + port: + description: Destination port + type: integer + risk_of_app: + description: Application risk level + type: integer + rule_name: + description: Rule name matched for application + type: string + site_exp_score: + description: Site experience score + type: integer + site_exp_score_verdict: + description: Site experience score verdict + type: string + site_exp_test_uuid: + description: Site experience test UUID + type: string + total_threats: + description: Total threat count + type: integer + url_count: + description: Count of url + type: integer + usage_bytes: + description: Application data usage + type: integer + user_count: + description: Count of users + type: integer + user_exp_score: + description: User experience score + type: integer + user_exp_score_verdict: + description: User experience score verdict + type: string + user_exp_test_uuid: + description: User experience test UUID + type: string + type: object + description: OK + security: + - Bearer: [] + summary: Application list + tags: + - Application + /insights/v3.0/resource/query/locations/location_current_status_count: + post: + description: 'Retrieves the total of the current location. + + ' + operationId: post-insights-v3.0-resource-query-locations-location_current_status_count + parameters: + - description: "Region mapping for the tenant. \n" + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: TSG ID + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Monitor > Prisma Access Locations > Prisma Access Location RN Status: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: rn_state + values: + - 1 + properties: + - property: rn_state + - property: current_rn_locations + Monitor > Prisma Access Locations > Prisma Access Location SC Status: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: sc_state + values: + - 1 + properties: + - property: sc_state + - property: current_sc_locations + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + properties: + edge_location_display_name: + description: Name of PA location + example: US West + type: string + ep_state: + description: State of the EP + enum: + - 0 + - 1 + - 2 + example: 1 + type: integer + event_time: + description: Time of the event + example: '1709226000000' + type: string + mu_state: + description: State of the MU + enum: + - 0 + - 1 + - 2 + - 3 + example: 1 + type: integer + nhp_state: + description: State of the NHP + enum: + - 0 + - 1 + - 2 + example: 1 + type: integer + rn_state: + description: State of the RN + enum: + - 0 + - 1 + - 2 + - 3 + example: 1 + type: integer + sc_state: + description: State of the SC + enum: + - 0 + - 1 + - 2 + example: 1 + type: integer + required: [] + type: object + required: true + responses: + '200': + content: + application/json: + examples: + MU Count: + value: + data: + - current_mu_locations: 100 + mu_state: 1 + RN Count: + value: + data: + - current_rn_locations: 24 + rn_state: 1 + schema: + example: + data: + - current_ep_locations: 10 + current_mu_locations: 100 + current_nhp_locations: 15 + current_rn_locations: 24 + current_sc_locations: 30 + properties: + current_ep_locations: + description: Count of the explicit-proxy locations + type: integer + current_mu_locations: + description: Count of the mobile-user locations + type: integer + current_nhp_locations: + description: Count of next hop proxy locations + type: integer + current_rn_locations: + description: Count of the remote-network locations + type: integer + current_sc_locations: + description: Count of the service-connection locations + type: integer + type: object + description: OK + security: + - Bearer: [] + summary: Current location count + tags: + - Location + /insights/v3.0/resource/query/locations/location_gp_mobile_users_logins: + post: + description: 'Provides details of all Provider-Aggregatable (PA) location with + security connections and remote networks including their coordinates, and + counts of remote networks and security connections. + + ' + operationId: post-insights-v3.0-resource-query-locations-location_gp_mobile_users_logins + parameters: + - description: "Region mapping for the tenant. \n" + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: TSG ID + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Mandatory Filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + Possible Filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: node_type + values: + - 49 + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + properties: + edge_location_display_name: + description: Name of PA location + example: US West + type: string + event_time: + description: Time of the event + example: '1709226000000' + type: string + node_type: + description: Type of the node + example: 49 + type: number + required: + - event_time + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - edge_location_display_name: India West + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US Central + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US East + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US South + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US West + unique_users: 10 + unique_users_gp: 10 + schema: + example: + data: + - edge_location_display_name: India West + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US Central + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US East + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US South + unique_users: 10 + unique_users_gp: 10 + - edge_location_display_name: US West + unique_users: 10 + unique_users_gp: 10 + properties: + edge_location_display_name: + description: Display name of the location + type: string + unique_users: + description: Number of unique GlobalProtect users at the location + type: integer + unique_users_gp: + description: Number of unique GlobalProtect users at the location + type: integer + type: object + description: OK + security: + - Bearer: [] + summary: Global-Protect mobile users login location + tags: + - Location + /insights/v3.0/resource/query/locations/noc_location_list_rn_sc: + post: + description: 'Provides details on Prisma Access locations details of branch + and data center sites. + + ' + operationId: post-insights-v3.0-resource-query-locations-noc_location_list_rn_sc + parameters: + - description: "Region mapping for the tenant. \n" + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: TSG ID + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Dashboards>Sase Health>Current Sites>Map: + value: + filter: + rules: [] + Dashboards>Sase Health>Current Sites>Map>LocationFilter: + value: + filter: + rules: + - operator: in + property: edge_location_display_name + values: + - US West + SiteLocationFilter: + value: + filter: + rules: + - operator: in + property: source_country + values: + - United States + - operator: in + property: source_city + values: + - Santa Clara + schema: + example: + filter: + rules: [] + properties: + edge_location_display_name: + description: Name of PA location + example: US West + type: string + source_city: + description: Name of city + example: Santa Clara + type: string + source_country: + description: Name of country + example: United States + type: string + required: [] + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - aggregate_status: Up + edge_location_display_name: US West + latitude: 37.7749 + longitude: -122.4194 + rn_status: Up + rn_up_count: 1 + sc_count: 7 + sc_status: Up + sc_up_count: 7 + - aggregate_status: Up + edge_location_display_name: US Northeast + latitude: 40.71455 + longitude: -74.00714 + rn_status: Up + rn_up_count: 0 + sc_count: 3 + sc_status: Up + sc_up_count: 0 + schema: + example: + data: + - aggregate_status: Up + edge_location_display_name: US West + latitude: 37.7749 + longitude: -122.4194 + rn_status: Up + rn_up_count: 1 + sc_count: 7 + sc_status: Up + sc_up_count: 7 + properties: + aggregate_status: + description: Status of the PA Location - UP/DOWN + type: string + edge_location_display_name: + description: Name of PA location + type: string + latitude: + description: Latitude for the PA Location + type: number + longitude: + description: Longitude for the PA Location + type: number + rn_status: + description: RN Status of the PA Location - UP/DOWN + type: string + rn_up_count: + description: Number of RN sites which are up + type: number + sc_colo_connection_count: + description: Number of Colo Connect Connections + type: number + sc_colo_connection_up_count: + description: Number of Up SC Colo connections + type: number + sc_colo_count: + description: Number of Colo Connect SCs + type: number + sc_colo_link_count: + description: Number of Colo Connect Links + type: number + sc_colo_link_up_count: + description: Number of Up SC Colo connections + type: number + sc_count: + description: Number of SC sites configured + type: number + sc_status: + description: Service Connection Status of the PA Location - UP/DOWN + type: string + sc_up_count: + description: Number of SC sites which are up + type: number + type: object + description: OK + security: + - Bearer: [] + summary: Location and data center sites details + tags: + - Location + /insights/v3.0/resource/query/mobileusers/connected_entity_count: + post: + description: 'Provides a total number of users and devices connected to GlobalProtect + gateway. If you have ADEM license, this API also gives you a total number + of user and devices monitored by ADEM agent. + + ' + operationId: post-insights-v3.0-resource-query-mobileusers-connected_entity_count + parameters: + - description: CDL Region + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: 'A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. + + ' + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Monitor>Users>Users Table: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: node_type + values: + - 49 + - operator: in + property: platform_type + values: + - prisma_access + With application_name, platform_type and connection_method: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: connection_method + values: + - gp + - operator: in + property: platform_type + values: + - prisma_access + With username filter: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: username + values: + - John.Smith + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - '5' + - operator: in + property: node_type + values: + - '49' + - operator: in + property: platform_type + values: + - prisma_access + properties: + alternate_username: + description: GP user name + example: ry06135 + type: string + application_score_aggregate_value: + description: Quality of application + enum: + - unknown + - poor + - fair + - good + example: good + type: string + client_gp_version: + description: Version of the GP client + example: 3.0.1 + type: string + client_os_version: + description: Version of the client OS + example: Apple Mac OS X 12.6.8 + type: string + connection_method: + description: Type of connection + enum: + - ep + - gp + example: gp + type: string + device_name: + description: Name of the user device + example: WLTH2Q15X3 + type: string + device_score_aggregate_value: + description: Quality of device score aggregate + enum: + - unknown + - poor + - fair + - good + example: good + type: string + device_self_serve_status: + description: Is device self service + example: true + type: boolean + edge_location_display_name: + description: Name of PA location + example: US West + type: string + event_time: + description: Time of the event + example: '1709226000000' + type: string + internet_score_aggregate_value: + description: Quality of internet + enum: + - unknown + - poor + - fair + - good + example: good + type: string + lan_score_aggregate_value: + description: Quality of LAN + enum: + - unknown + - poor + - fair + - good + example: good + type: string + node_type: + description: Type of the node + example: 49 + type: number + pa_score_aggregate_value: + description: Quality of PA + enum: + - unknown + - poor + - fair + - good + example: good + type: string + platform_type: + description: Platform name + example: prisma_access + type: string + source_city: + description: Name of city + example: Santa Clara + type: string + source_country: + description: Name of country + example: United States + type: string + user_source_ip_address: + description: IP address of the user + example: 203.129.129.106 + type: string + usergroups: + description: Group of the user + example: staff + type: string + username: + description: Mobile user name + example: John.Smith@email.com + type: string + wifi_score_aggregate_value: + description: Quality of wifi + enum: + - unknown + - poor + - fair + - good + example: good + type: string + required: + - event_time + - node_type + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - device_count: 1200 + user_count: 1000 + schema: + example: + data: + - device_count: 1200 + user_count: 1000 + properties: + device_count: + description: device_count + type: integer + user_count: + description: user_count + type: integer + type: object + description: OK + security: + - Bearer: [] + summary: Total number of connected entities + tags: + - MobileUsers + /insights/v3.0/resource/query/mobileusers/gp/noc_current_connected_user_list: + post: + description: 'Generates a list of all users currently live on the GlobalProtect + gateway. Utilize the timerange filter to compute the experience score if a + ADEM license is available. + + ' + operationId: post-insights-v3.0-resource-query-mobileusers-gp-noc_current_connected_user_list + parameters: + - description: CDL Region + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: 'A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. + + ' + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Dashboard>Sase Health: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - '5' + properties: + connection_method: + description: Type of connection + enum: + - ep + - gp + example: gp + type: string + edge_location_display_name: + description: Name of PA location + example: US West + type: string + event_time: + description: Time of the event + example: '1709226000000' + type: string + node_type: + description: Type of the node + example: 49 + type: number + platform_type: + description: Platform name + example: prisma_access + type: string + source_city: + description: Name of city + example: Santa Clara + type: string + source_country: + description: Name of country + example: United States + type: string + required: + - event_time + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - device_name: John's MacBook + distance: 15.5 + is_connected: true + is_degraded: false + last_login_time: 1709226000000 + latitude: 37.7749 + longitude: -122.4194 + pa_location: US West + username: test_user + schema: + example: + data: + - device_name: John's MacBook + distance: 15.5 + is_connected: true + is_degraded: false + last_login_time: 1709226000000 + latitude: 37.7749 + longitude: -122.4194 + pa_location: US West + username: test_user + properties: + device_name: + description: Device name + type: string + distance: + description: distance + type: number + is_connected: + description: Is connected + type: boolean + is_degraded: + description: Indicates if experience degraded + type: boolean + last_login_time: + description: Most recent login time of this user + type: integer + latitude: + description: latitude + type: number + longitude: + description: longitude + type: number + pa_location: + description: Prisma Access location + type: string + username: + description: Username + type: string + type: object + description: OK + security: + - Bearer: [] + summary: User connected list + tags: + - MobileUsers + /insights/v3.0/resource/query/mobileusers/user_list: + post: + description: 'Provides a list of all GlobalProtect users who connected within + the requested time range, including all their details. + + ' + operationId: post-insights-v3.0-resource-query-mobileusers-user_list + parameters: + - description: 'Region mapping for the tenant. + + ' + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: TSG ID + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Monitor > Users > Users Table: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: node_type + values: + - 49 + - operator: in + property: platform_type + values: + - prisma_access + Without application_name filter, platform_type: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: username + values: + - John.Smith + - operator: in_nested + property: usergroups + values: + - staff + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: device_name + values: + - WLTH2Q15X3 + - operator: in + property: source_country + values: + - United States + - operator: in + property: source_city + values: + - Santa Clara + - operator: in + property: source_ip_address + values: + - 208.127.155.45 + - operator: in + property: client_os_version + values: + - Apple Mac OS X 12.6.8 + - operator: in + property: client_gp_version + values: + - 3.0.1 + - operator: in + property: device_score_aggregate_value + values: + - good + - operator: in + property: lan_score_aggregate_value + values: + - good + - operator: in + property: pa_score_aggregate_value + values: + - good + - operator: in + property: application_score_aggregate_value + values: + - good + - operator: equals + property: device_self_serve_status + values: + - true + - operator: in + property: platform_type + values: + - prisma_access + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - '5' + - operator: in + property: node_type + values: + - '49' + - operator: in + property: platform_type + values: + - prisma_access + properties: + alternate_username: + description: Mobile user alternate name + example: ry06135 + type: string + application_score_aggregate_value: + description: Quality of application + enum: + - unknown + - poor + - fair + - good + example: good + type: string + client_gp_version: + description: Version of the GP client + example: 3.0.1 + type: string + client_os_version: + description: Version of the client OS + example: Apple Mac OS X 12.6.8 + type: string + connection_method: + description: Type of connection + enum: + - ep + - gp + example: gp + type: string + device_name: + description: Name of the user device + example: WLTH2Q15X3 + type: string + device_score_aggregate_value: + description: Quality of device score aggregate + enum: + - unknown + - poor + - fair + - good + example: good + type: string + device_self_serve_status: + description: Is device self service + example: true + type: boolean + edge_location_display_name: + description: Name of PA location + example: US West + type: string + event_time: + description: Time of the event + example: '1709226000000' + type: string + internet_score_aggregate_value: + description: Quality of internet + enum: + - unknown + - poor + - fair + - good + example: good + type: string + lan_score_aggregate_value: + description: Quality of LAN + enum: + - unknown + - poor + - fair + - good + example: good + type: string + location_group_name: + description: Name of connected location group + example: US West + type: string + node_type: + description: Type of the node + example: 49 + type: number + pa_score_aggregate_value: + description: Quality of PA + enum: + - unknown + - poor + - fair + - good + example: good + type: string + platform_type: + description: Platform type + example: prisma_access + type: string + project_name: + description: Name of the project the user connected to + example: Project 1 + type: string + source_city: + description: Name of city + example: Santa Clara + type: string + source_country: + description: Name of country + example: United States + type: string + source_ip_address: + description: IP address of user device + example: 208.127.155.45 + type: string + user_source_ip_address: + description: IP address of the user + example: 203.129.129.106 + type: string + usergroups: + description: Group of the user + example: staff + type: string + username: + description: Mobile user name + example: John.Smith@email.com + type: string + wifi_score_aggregate_value: + description: Quality of wifi + enum: + - unknown + - poor + - fair + - good + example: good + type: string + required: + - event_time + - node_type + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - alternate_usernames: + - test_user + app_count: 27 + application_score: 94.80555555555556 + device_count: 1 + device_details: + - adem_username: test_user + alternate_username: test_user + application_score: 94.80555555555556 + application_score_value: good + device_agent_uuid: d7b28c1a-ca0a-479d-80d2-8bbf474e3c96 + device_auth_type: Cookie + device_client_gp_version: 6.2.3 + device_client_private_address: 10.47.147.238 + device_count: 1 + device_count_1: 1 + device_isp_name: ATT-INTERNET4 + device_last_connected_pa_location: US South + device_last_connected_source_city: San Antonio + device_last_connected_source_country: United States + device_last_login_timestamp_epoc_millis: 1721296808000 + device_name: M-F727N7FWLW + device_os_version: Apple Mac OS X 14.5.0 + device_score_aggregate: 100.0 + device_score_aggregate_value: good + device_self_serve_notifications_count_internet_connectivity: 0 + device_self_serve_notifications_count_system_cpu: 0 + device_self_serve_notifications_count_system_cpu_memory: 0 + device_self_serve_notifications_count_system_memory: 0 + device_self_serve_notifications_count_total: 0 + device_self_serve_notifications_count_wifi_connectivity: 0 + device_self_serve_notifications_count_wifi_link_quality: 0 + device_self_serve_notifications_count_wifi_ssid_change: 0 + device_self_serve_status: true + device_source_ip_address: 23.118.233.5 + internet_score_value: good + lan_score_value: fair + last_activity_timestamp_epoc_millis: 1721349000000 + pa_score_value: good + platform_type: prisma_access + threat_count_1: 0 + user_last_connected_pa_location: US South + user_last_connected_source_city: San Antonio + user_last_connected_source_country: United States + user_last_login_timestamp_epoc_millis: 1721296808000 + username: test_user + wifi_score_value: good + last_activity_timestamp_epoc_millis: 1721349000000 + platform_type: + - prisma_access + threat_count: 0 + total_bytes: 65502354 + user_agent_uuid: + - d7b28c1a-ca0a-479d-80d2-8bbf474e3c96 + user_auth_type: + - Cookie + user_client_gp_version: + - 6.2.3 + user_client_private_address: + - 10.47.147.238 + user_isp_name: + - ATT-INTERNET4 + user_last_connected_pa_location: US South + user_last_connected_source_city: San Antonio + user_last_connected_source_country: United States + user_last_login_timestamp_epoc_millis: 1721296808000 + user_os_version: + - Apple Mac OS X 14.5.0 + user_score_aggregate: 100.0 + user_self_serve_notifications_count_internet_connectivity: 0 + user_self_serve_notifications_count_system_cpu: 0 + user_self_serve_notifications_count_system_cpu_memory: 0 + user_self_serve_notifications_count_system_memory: 0 + user_self_serve_notifications_count_total: 0 + user_self_serve_notifications_count_wifi_connectivity: 0 + user_self_serve_notifications_count_wifi_link_quality: 0 + user_self_serve_notifications_count_wifi_ssid_change: 0 + user_self_serve_status: true + user_source_ip_address: + - 23.118.233.5 + username: test_user + schema: + example: + data: + - accelerated: true + adem_username: John.Smith + alternate_username: ry06135 + app_count: 5 + application_score: 95 + application_score_value: good + device_agent_uuid: uuid-1234 + device_auth_type: Certificate + device_client_gp_version: 3.0.1 + device_client_private_address: 10.0.0.1 + device_count: 1 + device_isp_name: ISP Name + device_last_connected_pa_location: US West + device_last_connected_source_city: Santa Clara + device_last_connected_source_country: United States + device_last_login_timestamp_epoc_millis: 1709226000000 + device_name: WLTH2Q15X3 + device_os_version: Apple Mac OS X 12.6.8 + device_score_aggregate: 100 + device_score_aggregate_value: good + device_self_serve_notifications_count_internet_connectivity: 0 + device_self_serve_notifications_count_system_cpu: 0 + device_self_serve_notifications_count_system_cpu_memory: 0 + device_self_serve_notifications_count_system_memory: 0 + device_self_serve_notifications_count_total: 0 + device_self_serve_notifications_count_wifi_connectivity: 0 + device_self_serve_notifications_count_wifi_link_quality: 0 + device_self_serve_notifications_count_wifi_ssid_change: 0 + device_self_serve_status: true + device_source_ip_address: 203.129.129.106 + internet_score_value: good + lan_score_value: good + last_activity_timestamp_epoc_millis: 1709226000000 + location_group_name: US West + pa_score_value: good + platform_type: prisma_access + project_name: Project 1 + threat_count: 0 + total_bytes: 1024000 + user_last_connected_pa_location: US West + user_last_connected_source_city: Santa Clara + user_last_connected_source_country: United States + user_last_login_timestamp_epoc_millis: 1709226000000 + username: John.Smith@email.com + wifi_score_value: good + properties: + accelerated: + description: accelerated + type: boolean + adem_username: + description: adem username + type: string + alternate_username: + description: alternate username + type: string + app_count: + description: Applications count + type: integer + application_score: + description: Average Application score for the user/device + type: integer + application_score_value: + description: application_score_value + type: string + device_agent_uuid: + description: device_agent_uuid + type: string + device_auth_type: + description: device_auth_type + type: string + device_client_gp_version: + description: Client GP version + type: string + device_client_private_address: + description: device_client_private_address + type: string + device_count: + description: device count + type: integer + device_isp_name: + description: device isp + type: string + device_last_connected_pa_location: + description: device_last_connected_pa_location + type: string + device_last_connected_source_city: + description: device_last_connected_source_city + type: string + device_last_connected_source_country: + description: device_last_connected_source_country + type: string + device_last_login_timestamp_epoc_millis: + description: device_last_login_timestamp_epoc_millis + type: string + device_name: + description: user device name + type: string + device_os_version: + description: device_os_version + type: string + device_score_aggregate: + description: device_score_aggregate + type: integer + device_score_aggregate_value: + description: device_score_aggregate_value + type: string + device_self_serve_notifications_count_internet_connectivity: + description: internet connectivity notification count + type: integer + device_self_serve_notifications_count_system_cpu: + description: cpu notification count + type: integer + device_self_serve_notifications_count_system_cpu_memory: + description: system cpu memory count + type: integer + device_self_serve_notifications_count_system_memory: + description: system memory count + type: integer + device_self_serve_notifications_count_total: + description: total count + type: integer + device_self_serve_notifications_count_wifi_connectivity: + description: wiki connectivity notification count + type: integer + device_self_serve_notifications_count_wifi_link_quality: + description: wiki link quality count + type: integer + device_self_serve_notifications_count_wifi_ssid_change: + description: wiki ssid change count + type: integer + device_self_serve_status: + description: device serve status + type: boolean + device_source_ip_address: + description: device_source_ip_address + type: string + internet_score_value: + description: internet_score_value + type: string + lan_score_value: + description: lan_score_value + type: string + last_activity_timestamp_epoc_millis: + description: Last activity timestamp + type: integer + location_group_name: + description: Location group name + type: string + pa_score_value: + description: pa_score_value + type: string + platform_type: + description: platform type + type: string + project_name: + description: Project name + type: string + threat_count: + description: Threat count + type: integer + total_bytes: + description: Total data transferred + type: integer + user_last_connected_pa_location: + description: user_last_connected_pa_location + type: string + user_last_connected_source_city: + description: user_last_connected_source_city + type: string + user_last_connected_source_country: + description: user_last_connected_source_country + type: string + user_last_login_timestamp_epoc_millis: + description: user_last_login_timestamp_epoc_millis + type: integer + username: + description: username + type: string + wifi_score_value: + description: wifi_score_value + type: string + type: object + description: OK + security: + - Bearer: [] + summary: Mobile users list + tags: + - MobileUsers + /insights/v3.0/resource/query/sites/rn_list: + post: + description: "Provides you a list of all networks that are accessed remotely.\ + \ \n" + operationId: post-insights-v3.0-resource-query-sites-rn_list + parameters: + - description: "Region mapping for the tenant. \n" + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: TSG ID + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + List of Sites with status down: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: site_state + subQuery: + name: topology_current_status_site_state + values: + - 0 + Monitor > Branch Sites > Site List: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + Remote networks list with possible filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: site_state + subQuery: + name: topology_current_status_site_state + values: + - 0 + - operator: in + property: instance_state + subQuery: + name: topology_current_status_instance_state + values: + - 1 + - operator: in + property: geoip_destination + subQuery: + name: topology_current_status_geo_location + values: + - Denver, United States + - operator: in + property: site_name + values: + - RN1 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: compute_location + values: + - US East + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + properties: + compute_location: + description: Compute Location + example: US East + type: string + edge_location_display_name: + description: Name of PA location + example: US West + type: string + geoip_destination: + description: Geo IP of the destination + example: Denver, United States + type: string + instance_state: + description: Instance state + enum: + - 0 + - 1 + - 2 + example: 1 + type: number + site_name: + description: Name of the site + example: Remote-Conn1 + type: string + site_state: + description: State of the site + enum: + - 0 + - 1 + - 2 + example: 0 + type: number + required: + - event_time + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - avg_throughput: 100.5 + bgp_all_tunnels: 3 + bgp_site_state: 1 + bgp_site_state_name: Up + bgp_up_tunnels: 2 + compute_location: US East + destination_ip: 192.168.1.2 + destination_ip_string: 192.168.1.2 + edge_location_display_name: US West + instance_state: 1 + instance_state_name: Up + median_throughput: 95.5 + node_type: 48 + peak_throughput: 150.5 + site_aggregate_capacity: 2000 + site_all_tunnels: 3 + site_capacity: 1000 + site_city: Denver + site_connection_duration: 120 + site_country: USA + site_disconnection: 0 + site_location: Denver, CO + site_location_string: Denver, CO + site_name: Remote-Conn1 + site_state: 1 + site_state_name: Up + site_type: Third-Party + site_up_tunnels: 2 + source_ip: 192.168.1.1 + source_ip_string: 192.168.1.1 + schema: + example: + data: + - avg_throughput: 85.2 + bgp_all_tunnels: 4 + bgp_site_state: 1 + bgp_site_state_name: Up + bgp_up_tunnels: 3 + compute_location: US East + destination_ip: 203.0.113.2 + destination_ip_string: 203.0.113.2 + edge_location_display_name: US West + instance_state: 1 + instance_state_name: Up + median_throughput: 80.3 + node_type: 48 + peak_throughput: 160.4 + site_aggregate_capacity: 2500 + site_all_tunnels: 4 + site_capacity: 1500 + site_city: San Francisco + site_connection_duration: 150 + site_country: USA + site_disconnection: 0 + site_location: San Francisco, CA + site_location_string: San Francisco, CA + site_name: Remote-Conn2 + site_state: 1 + site_state_name: Up + site_type: Remote Network + site_up_tunnels: 3 + source_ip: 203.0.113.1 + source_ip_string: 203.0.113.1 + properties: + avg_throughput: + description: Average throughput + example: 100.5 + type: number + bgp_all_tunnels: + description: Count of BGP tunnels + example: 3 + type: number + bgp_site_state: + description: BGP Site State + example: 1 + type: number + bgp_site_state_name: + description: BGP Site State Name + example: Up + type: string + bgp_up_tunnels: + description: Count of Up Tunnels + example: 2 + type: number + compute_location: + description: Compute Location + example: US East + type: string + destination_ip: + description: Destination IP + example: 192.168.1.2 + type: string + destination_ip_string: + description: Destination IP + example: 192.168.1.2 + type: string + edge_location_display_name: + description: PA Location + example: US West + type: string + instance_state: + description: Instance State + example: 1 + type: number + instance_state_name: + description: Instance State Name + example: Up + type: string + median_throughput: + description: Median throughput + example: 95.5 + type: number + node_type: + description: Node Type + example: 48 + type: integer + peak_throughput: + description: Peak throughput + example: 150.5 + type: number + site_aggregate_capacity: + description: Site Aggregate Capacity + example: 2000 + type: number + site_all_tunnels: + description: Count of tunnels + example: 3 + type: number + site_capacity: + description: Site Capacity + example: 1000 + type: number + site_city: + description: Site City + example: Denver + type: string + site_connection_duration: + description: Site Connection Duration + example: 120 + type: number + site_country: + description: Site Country + example: USA + type: string + site_disconnection: + description: Site Disconnection + example: 0 + type: number + site_location: + description: Site Location + example: Denver, CO + type: string + site_location_string: + description: Site Location String + example: Denver, CO + type: string + site_name: + description: Site name + example: Remote-Conn1 + type: string + site_state: + description: Site State + example: 1 + type: number + site_state_name: + description: Site State Name + example: Up + type: string + site_type: + description: Site type + example: Remote Network + type: string + site_up_tunnels: + description: Count of Up Tunnels + example: 2 + type: number + source_ip: + description: Source IP + example: 192.168.1.1 + type: string + source_ip_string: + description: Source IP + example: 192.168.1.1 + type: string + type: object + description: OK + security: + - Bearer: [] + summary: List of branch sites + tags: + - Sites + /insights/v3.0/resource/query/sites/sc_list: + post: + description: 'Provides you a list of service connections for a specific website + or network. + + ' + operationId: post-insights-v3.0-resource-query-sites-sc_list + parameters: + - description: "Region mapping for the tenant. \n" + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: TSG ID + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Monitor > Data Centers > SC List: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + SC list with possible filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: site_state + subQuery: + name: topology_current_status_site_state + values: + - 0 + - operator: in + property: instance_state + subQuery: + name: topology_current_status_instance_state + values: + - 1 + - operator: in + property: site_name + values: + - SC1 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: transport_type + values: + - IPSec + schema: + example: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + properties: + edge_location_display_name: + description: Name of PA location + example: US West + type: string + instance_state: + description: Instance state + enum: + - 0 + - 1 + - 2 + example: 1 + type: number + site_name: + description: Name of the site + example: SC-Conn1 + type: string + site_state: + description: State of the SC + enum: + - 0 + - 1 + - 2 + example: 0 + type: number + transport_type: + description: Transport Type + enum: + - IPSec + - Colo-Connect + example: IPSec + type: string + required: + - event_time + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - avg_throughput: 100.5 + bgp_all_tunnels: 3 + bgp_site_state: 1 + bgp_site_state_name: Up + bgp_up_tunnels: 2 + destination_ip: 192.168.1.2 + destination_ip_string: 192.168.1.2 + edge_location_display_name: US West + instance_state: 1 + instance_state_name: Up + median_throughput: 95.5 + peak_throughput: 150.5 + site_all_tunnels: 3 + site_connection_duration: 120 + site_disconnection: 0 + site_name: SC-Conn1 + site_state: 1 + site_state_name: Up + site_up_tunnels: 2 + source_ip: 192.168.1.1 + source_ip_string: 192.168.1.1 + transport_type: IPSec + schema: + example: + data: + - avg_throughput: 100.5 + bgp_all_tunnels: 3 + bgp_site_state: 1 + bgp_site_state_name: Up + bgp_up_tunnels: 2 + destination_ip: 192.168.1.2 + destination_ip_string: 192.168.1.2 + edge_location_display_name: US West + instance_state: 1 + instance_state_name: Up + median_throughput: 95.5 + peak_throughput: 150.5 + site_all_tunnels: 3 + site_connection_duration: 120 + site_disconnection: 0 + site_name: SC-Conn1 + site_state: 1 + site_state_name: Up + site_up_tunnels: 2 + source_ip: 192.168.1.1 + source_ip_string: 192.168.1.1 + transport_type: IPSec + properties: + avg_throughput: + description: Average throughput + example: 100.5 + type: number + bgp_all_tunnels: + description: Count of BGP tunnels + example: 3 + type: number + bgp_site_state: + description: BGP Site State + example: 1 + type: number + bgp_site_state_name: + description: BGP Site State Name + example: Up + type: string + bgp_up_tunnels: + description: Count of Up Tunnels + example: 2 + type: number + destination_ip: + description: Destination IP + example: 192.168.1.2 + type: string + destination_ip_string: + description: Destination IP + example: 192.168.1.2 + type: string + edge_location_display_name: + description: PA Location + example: US West + type: string + instance_state: + description: Instance State + example: 1 + type: number + instance_state_name: + description: Instance State Name + example: Up + type: string + median_throughput: + description: Median throughput + example: 95.5 + type: number + peak_throughput: + description: Peak throughput + example: 150.5 + type: number + site_all_tunnels: + description: Count of tunnels + example: 3 + type: number + site_connection_duration: + description: Site Connection Duration + example: 120 + type: number + site_disconnection: + description: Site Disconnection + example: 0 + type: number + site_name: + description: Site Name + example: SC-Conn1 + type: string + site_state: + description: Site State + example: 1 + type: number + site_state_name: + description: Site State Name + example: Up + type: string + site_up_tunnels: + description: Count of Up Tunnels + example: 2 + type: number + source_ip: + description: Source IP + example: 192.168.1.1 + type: string + source_ip_string: + description: Source IP + example: 192.168.1.1 + type: string + transport_type: + description: Transport Type + example: IPSec + type: string + type: object + description: OK + security: + - Bearer: [] + summary: List of service connections + tags: + - Sites + /insights/v3.0/resource/query/sites/site_status: + post: + description: 'To get status of sites and or Remote Networks, and service connections. + + ' + operationId: post-insights-v3.0-resource-query-sites-site_status + parameters: + - description: "Region mapping for the tenant. \n" + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: TSG ID + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + Monitor > Branch Sites > Site Status: + value: + filter: + rules: + - operator: in + property: node_type + values: + - 48 + Monitor > Data Centers > SC Status: + value: + filter: + rules: + - operator: in + property: node_type + values: + - 51 + Possible filters: + value: + filter: + rules: + - operator: in + property: node_type + values: + - 48 + - operator: in + property: site_state + values: + - 0 + - operator: in + property: instance_state + values: + - 1 + - operator: in + property: geoip_destination + subQuery: + name: topology_current_status_geo_location + values: + - Denver, United States + - operator: in + property: site_name + values: + - RN1 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: compute_location + values: + - US East + - operator: in + property: transport_type + values: + - IPSec + schema: + example: + filter: + rules: + - operator: in + property: node_type + values: + - 48 + properties: + geoip_destination: + description: Geo IP of the destination + example: Denver, United States + type: string + instance_state: + description: Instance state + enum: + - 0 + - 1 + - 2 + example: 1 + type: number + site_name: + description: Name of the site or data center + example: RN-1 + type: string + site_state: + description: State of the site + enum: + - 0 + - 1 + - 2 + example: 0 + type: number + transport_type: + description: Transport Type + enum: + - IPSec + - Colo-Connect + example: IPSec + type: string + required: [] + type: object + required: true + responses: + '200': + content: + application/json: + example: + data: + - node_type: 48 + site_count: 25 + site_state: 1 + site_state_name: Up + - node_type: 48 + site_count: 5 + site_state: 0 + site_state_name: Down + schema: + example: + data: + - node_type: 48 + site_count: 25 + site_state: 1 + site_state_name: Up + properties: + node_type: + description: Node Type + type: integer + site_count: + description: Site Count + type: integer + site_state: + description: Site State + type: integer + site_state_name: + description: Site State Name + type: string + type: object + description: OK + security: + - Bearer: [] + summary: Remote Networks or Site status + tags: + - Sites +servers: +- url: https://api.sase.paloaltonetworks.com +tags: +- description: 'Location API + + ' + name: Location API +- description: 'Sites API + + ' + name: Sites API +- description: 'Mobile users API + + ' + name: Mobile Users API +- description: 'Application API + + ' + name: Application API diff --git a/openapi-specs/cloudngfw/aws/ManageNGFW.yaml b/openapi-specs/cloudngfw/aws/ManageNGFW.yaml index 21bd48e54..9a0db2f75 100644 --- a/openapi-specs/cloudngfw/aws/ManageNGFW.yaml +++ b/openapi-specs/cloudngfw/aws/ManageNGFW.yaml @@ -4,94 +4,102 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string Description: - description: 'Description of the NGFW. + description: "Description of the NGFW. - ' + " maxLength: 512 pattern: ^.*$ title: Description type: string + LinkId: + description: "A unique identifier for establishing and managing the link between the Cloud NGFW and other AWS resources" + title: LinkId + type: string EndpointMode: - description: 'The management mode used to create endpoints automatically + description: + "The management mode used to create endpoints automatically or manually. - ' + " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string FirewallName: - description: 'Name of the NGFW, unique in a region for each customer. + description: "Name of the NGFW, unique in a region for each customer. - ' + " maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ title: Firewallname type: string GlobalRuleStackName: - description: 'Name of the global rulestack. + description: "Name of the global rulestack. - ' + " title: Globalrulestackname type: string RuleStackName: - description: 'Name of the local rulestack. + description: "Name of the local rulestack. - ' + " title: Rulestackname type: string SubnetMappings: - description: 'The public subnets for your NGFW. Each subnet must belong + description: + "The public subnets for your NGFW. Each subnet must belong to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint in each subnet. - ' + " items: - $ref: '#/components/schemas/CreateFWResourceRequest.SubnetMappingsType' + $ref: "#/components/schemas/CreateFWResourceRequest.SubnetMappingsType" title: Subnetmappings type: array Tags: - description: 'The key:value pairs to associate with a resource. + description: "The key:value pairs to associate with a resource. - ' + " items: - $ref: '#/components/schemas/CreateFWResourceRequest.TagEntry' + $ref: "#/components/schemas/CreateFWResourceRequest.TagEntry" maxItems: 50 title: Tags type: array VpcId: - description: "The unique identifier of the VPCs that you want NGFW to retrieve.\ + description: + "The unique identifier of the VPCs that you want NGFW to retrieve.\ \ Leave this blank to retrieve all VPCs. \n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: CreateFWResourceRequest type: object CreateFWResourceRequest.SubnetMappingsType: additionalProperties: false properties: AvailabilityZone: - description: 'The data center in a region available for use by the AWS customer. + description: + "The data center in a region available for use by the AWS customer. - ' + " title: Availabilityzone type: string SubnetId: - description: 'The unique ID of the subnet in your VPC. + description: "The unique ID of the subnet in your VPC. - ' + " title: Subnetid type: string title: SubnetMappingsType @@ -100,51 +108,52 @@ components: additionalProperties: false properties: Key: - description: 'A unique identifier in the key-value pair. The constant that + description: + "A unique identifier in the key-value pair. The constant that defines the data set. . - ' + " title: Key type: string Value: - description: 'The variable that belongs to the data set. + description: "The variable that belongs to the data set. - ' + " title: Value type: string required: - - Key - - Value + - Key + - Value title: TagEntry type: object CreateFWResourceResponse: properties: Response: - $ref: '#/components/schemas/CreateFWResourceResponse.FirewallResource' - description: 'The API call response. + $ref: "#/components/schemas/CreateFWResourceResponse.FirewallResource" + description: "The API call response. - ' + " ResponseStatus: - $ref: '#/components/schemas/CreateFWResourceResponse.Result' - description: 'The API call response status. + $ref: "#/components/schemas/CreateFWResourceResponse.Result" + description: "The API call response status. - ' + " title: CreateFWResourceResponse type: object CreateFWResourceResponse.FirewallResource: properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string AppIdVersion: - description: 'The App-ID version of the specified application. + description: "The App-ID version of the specified application. - ' + " maxLength: 64 minLength: 1 pattern: ^[0-9]+-[0-9]+$ @@ -152,26 +161,31 @@ components: type: string AutomaticUpgradeAppIdVersion: default: true - description: 'Specify whether to automatically upgrade to the latest App-ID + description: + "Specify whether to automatically upgrade to the latest App-ID version. - ' + " title: Automaticupgradeappidversion type: boolean + LinkId: + title: LinkId + type: string Description: - description: 'Description of the NGFW. + description: "Description of the NGFW. - ' + " title: Description type: string EndpointMode: - description: 'The management mode used to create endpoints automatically + description: + "The management mode used to create endpoints automatically or manually. - ' + " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string FirewallName: @@ -182,52 +196,54 @@ components: title: Firewallname type: string GlobalRuleStackName: - description: 'Name of the global rulestack. + description: "Name of the global rulestack. - ' + " title: Globalrulestackname type: string RuleStackName: - description: 'Name of the local rulestack. + description: "Name of the local rulestack. - ' + " title: Rulestackname type: string SubnetMappings: - description: 'The public subnets for your NGFW. Each subnet must belong + description: + "The public subnets for your NGFW. Each subnet must belong to a different Availability Zone (AZ) in the VPC. NGFW creates an NGFW endpoint in each subnet. - ' + " items: type: object title: Subnetmappings type: array Tags: - description: 'The key:value pairs to associate with a resource. + description: "The key:value pairs to associate with a resource. - ' + " items: type: object title: Tags type: array UpdateToken: - default: '1' - description: 'Refresh token. + default: "1" + description: "Refresh token. - ' + " title: Updatetoken type: string VpcId: - description: "The unique identifier of the VPCs that you want NGFW to retrieve.\ + description: + "The unique identifier of the VPCs that you want NGFW to retrieve.\ \ Leave this blank to retrieve all VPCs. \n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: FirewallResource type: object CreateFWResourceResponse.Result: @@ -235,7 +251,8 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ + description: + "Default value of a successful response is 0. Any other number\ \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ Operation failed because it is not valid. For example, when you delete\ \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ @@ -249,9 +266,9 @@ components: title: Errorcode type: integer Reason: - description: 'The error description. + description: "The error description. - ' + " title: Reason type: string title: Result @@ -260,9 +277,9 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string title: DeleteFWResourceRequest @@ -270,29 +287,29 @@ components: DeleteFWResourceResponse: properties: Response: - $ref: '#/components/schemas/DeleteFWResourceResponse.FirewallResource' - description: 'The API call response. + $ref: "#/components/schemas/DeleteFWResourceResponse.FirewallResource" + description: "The API call response. - ' + " ResponseStatus: - $ref: '#/components/schemas/DeleteFWResourceResponse.Result' - description: 'The API call response status. + $ref: "#/components/schemas/DeleteFWResourceResponse.Result" + description: "The API call response status. - ' + " title: DeleteFWResourceResponse type: object DeleteFWResourceResponse.FirewallResource: properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string AppIdVersion: - description: 'The App-ID version of the specified application. + description: "The App-ID version of the specified application. - ' + " maxLength: 64 minLength: 1 pattern: ^[0-9]+-[0-9]+$ @@ -300,26 +317,28 @@ components: type: string AutomaticUpgradeAppIdVersion: default: true - description: 'Specify whether to automatically upgrade to the latest App-ID + description: + "Specify whether to automatically upgrade to the latest App-ID version. - ' + " title: Automaticupgradeappidversion type: boolean Description: - description: 'Description of the NGFW. + description: "Description of the NGFW. - ' + " title: Description type: string EndpointMode: - description: 'The management mode used to create endpoints automatically + description: + "The management mode used to create endpoints automatically or manually. - ' + " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string FirewallName: @@ -330,52 +349,54 @@ components: title: Firewallname type: string GlobalRuleStackName: - description: 'Name of the global rulestack. + description: "Name of the global rulestack. - ' + " title: Globalrulestackname type: string RuleStackName: - description: 'Name of the local rulestack. + description: "Name of the local rulestack. - ' + " title: Rulestackname type: string SubnetMappings: - description: 'The public subnets for your NGFW. Each subnet must belong + description: + "The public subnets for your NGFW. Each subnet must belong to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint in each subnet. - ' + " items: type: object title: Subnetmappings type: array Tags: - description: 'The key:value pairs to associate with a resource. + description: "The key:value pairs to associate with a resource. - ' + " items: type: object title: Tags type: array UpdateToken: - default: '1' - description: 'Refresh token. + default: "1" + description: "Refresh token. - ' + " title: Updatetoken type: string VpcId: - description: "The unique identifier of the VPCs that you want NGFW to retrieve.\ + description: + "The unique identifier of the VPCs that you want NGFW to retrieve.\ \ Leave this blank to retrieve all VPCs. \n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: FirewallResource type: object DeleteFWResourceResponse.Result: @@ -383,7 +404,8 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ + description: + "Default value of a successful response is 0. Any other number\ \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\ Operation failed because it is not valid. For example, when you delete\ \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\ @@ -397,9 +419,9 @@ components: title: Errorcode type: integer Reason: - description: 'The error description. + description: "The error description. - ' + " title: Reason type: string title: Result @@ -409,14 +431,16 @@ components: properties: MaxResults: default: 1024 - description: "The maximum number of firewalls that you want NGFW to return\ + description: + "The maximum number of firewalls that you want NGFW to return\ \ for this request. \n" maximum: 1024 minimum: 1 title: Maxresults type: integer NextToken: - description: "If the number of NGFWs available for retrieval exceeds the\ + description: + "If the number of NGFWs available for retrieval exceeds the\ \ maximum you requested, Cloud NGFW returns a NextToken value in response.\ \ To retrieve the next batch of NGFWs, use this token in your next request.\ \ \n" @@ -429,10 +453,11 @@ components: title: Rulestackname type: string VpcIds: - description: 'The unique identifier of the VPCs that you want NGFW to retrieve. + description: + "The unique identifier of the VPCs that you want NGFW to retrieve. Leave this blank to retrieve all VPCs. - ' + " items: type: string title: Vpcids @@ -442,23 +467,23 @@ components: ListFWResourceResponse: properties: Response: - $ref: '#/components/schemas/ListFWResourceResponse.ResponseData' - description: 'The API call response. + $ref: "#/components/schemas/ListFWResourceResponse.ResponseData" + description: "The API call response. - ' + " ResponseStatus: - $ref: '#/components/schemas/ListFWResourceResponse.Result' - description: 'The API call response status. + $ref: "#/components/schemas/ListFWResourceResponse.Result" + description: "The API call response status. - ' + " title: ListFWResourceResponse type: object ListFWResourceResponse.FirewallInfo: properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string FirewallName: @@ -466,21 +491,22 @@ components: title: Firewallname type: string required: - - FirewallName + - FirewallName title: FirewallInfo type: object ListFWResourceResponse.ResponseData: properties: Firewalls: - description: 'The list of NGFWs. + description: "The list of NGFWs. - ' + " items: - $ref: '#/components/schemas/ListFWResourceResponse.FirewallInfo' + $ref: "#/components/schemas/ListFWResourceResponse.FirewallInfo" title: Firewalls type: array NextToken: - description: "If the number of NGFWs available for retrieval exceeds the\ + description: + "If the number of NGFWs available for retrieval exceeds the\ \ maximum you requested, Cloud NGFW returns a NextToken value in response.\ \ To retrieve the next batch of NGFWs, use this token in your next request.\ \ \n" @@ -493,7 +519,8 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ + description: + "Default value of a successful response is 0. Any other number\ \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ Operation failed due to invalid request. For example, unsupported parameter\ \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ @@ -504,9 +531,9 @@ components: title: Errorcode type: integer Reason: - description: 'The error description. + description: "The error description. - ' + " title: Reason type: string title: Result @@ -515,9 +542,9 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string title: ReadFWResourceRequest @@ -525,29 +552,29 @@ components: ReadFWResourceResponse: properties: Response: - $ref: '#/components/schemas/ReadFWResourceResponse.ResponseData' - description: 'The API call response. + $ref: "#/components/schemas/ReadFWResourceResponse.ResponseData" + description: "The API call response. - ' + " ResponseStatus: - $ref: '#/components/schemas/ReadFWResourceResponse.Result' - description: 'The API call response status. + $ref: "#/components/schemas/ReadFWResourceResponse.Result" + description: "The API call response status. - ' + " title: ReadFWResourceResponse type: object ReadFWResourceResponse.ReadFirewallResource: properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string AppIdVersion: - description: 'The App-ID version of the specified application. + description: "The App-ID version of the specified application. - ' + " maxLength: 64 minLength: 1 pattern: ^[0-9]+-[0-9]+$ @@ -555,26 +582,28 @@ components: type: string AutomaticUpgradeAppIdVersion: default: true - description: 'Specify whether to automatically upgrade to the latest App-ID + description: + "Specify whether to automatically upgrade to the latest App-ID version. - ' + " title: Automaticupgradeappidversion type: boolean Description: - description: 'Description of the NGFW. + description: "Description of the NGFW. - ' + " title: Description type: string EndpointMode: - description: 'The management mode used to create endpoints automatically + description: + "The management mode used to create endpoints automatically or manually. - ' + " enum: - - ServiceManaged - - CustomerManaged + - ServiceManaged + - CustomerManaged title: Endpointmode type: string EndpointServiceName: @@ -589,134 +618,136 @@ components: title: Firewallname type: string GlobalRuleStackName: - description: 'Name of the global rulestack. + description: "Name of the global rulestack. - ' + " title: Globalrulestackname type: string RuleStackName: - description: 'Name of the local rulestack. + description: "Name of the local rulestack. - ' + " title: Rulestackname type: string SubnetMappings: - description: 'The public subnets for your NGFW. Each subnet must belong + description: + "The public subnets for your NGFW. Each subnet must belong to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint in each subnet. - ' + " items: type: object title: Subnetmappings type: array Tags: - description: 'The key:value pairs to associate with a resource. + description: "The key:value pairs to associate with a resource. - ' + " items: type: object title: Tags type: array UpdateToken: - default: '1' - description: 'Refresh token. + default: "1" + description: "Refresh token. - ' + " title: Updatetoken type: string VpcId: - description: "The unique identifier of the VPCs that you want NGFW to retrieve.\ + description: + "The unique identifier of the VPCs that you want NGFW to retrieve.\ \ Leave this blank to retrieve all VPCs. \n" title: Vpcid type: string required: - - EndpointMode - - FirewallName - - SubnetMappings - - VpcId + - EndpointMode + - FirewallName + - SubnetMappings + - VpcId title: ReadFirewallResource type: object ReadFWResourceResponse.ResourceAttachment: properties: EndpointId: - description: 'The unique ID of the endpoint. + description: "The unique ID of the endpoint. - ' + " title: Endpointid type: string RejectedReason: - description: 'Reason of rejection. + description: "Reason of rejection. - ' + " title: Rejectedreason type: string Status: enum: - - ACCEPTED - - PENDING - - REJECTED + - ACCEPTED + - PENDING + - REJECTED title: Status type: string SubnetId: - description: 'The unique ID of the subnet in your VPC. + description: "The unique ID of the subnet in your VPC. - ' + " title: Subnetid type: string required: - - EndpointId - - Status + - EndpointId + - Status title: ResourceAttachment type: object ReadFWResourceResponse.ResourceStatus: properties: Attachments: - description: 'The endpoint attachment. + description: "The endpoint attachment. - ' + " items: - $ref: '#/components/schemas/ReadFWResourceResponse.ResourceAttachment' + $ref: "#/components/schemas/ReadFWResourceResponse.ResourceAttachment" title: Attachments type: array FailureReason: - description: 'The reason for failure. + description: "The reason for failure. - ' + " title: Failurereason type: string FirewallStatus: enum: - - CREATING - - UPDATING - - DELETING - - CREATE_COMPLETE - - UPDATE_COMPLETE - - CREATE_FAIL - - UPDATE_FAIL - - DELETE_FAIL + - CREATING + - UPDATING + - DELETING + - CREATE_COMPLETE + - UPDATE_COMPLETE + - CREATE_FAIL + - UPDATE_FAIL + - DELETE_FAIL title: Firewallstatus type: string RuleStackStatus: - description: 'Status of rulestack. + description: "Status of rulestack. - ' + " title: Rulestackstatus type: string required: - - Attachments - - FirewallStatus + - Attachments + - FirewallStatus title: ResourceStatus type: object ReadFWResourceResponse.ResponseData: properties: Firewall: - $ref: '#/components/schemas/ReadFWResourceResponse.ReadFirewallResource' + $ref: "#/components/schemas/ReadFWResourceResponse.ReadFirewallResource" Status: - $ref: '#/components/schemas/ReadFWResourceResponse.ResourceStatus' - description: 'Status of NGFW. + $ref: "#/components/schemas/ReadFWResourceResponse.ResourceStatus" + description: "Status of NGFW. - ' + " title: ResponseData type: object ReadFWResourceResponse.Result: @@ -724,7 +755,8 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ + description: + "Default value of a successful response is 0. Any other number\ \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ Operation failed due to invalid request. For example, unsupported parameter\ \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ @@ -735,9 +767,9 @@ components: title: Errorcode type: integer Reason: - description: 'The error description + description: "The error description - ' + " title: Reason type: string title: Result @@ -746,68 +778,68 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string Description: - description: 'Description of the firewall. + description: "Description of the firewall. - ' + " maxLength: 512 pattern: ^.*$ title: Description type: string UpdateToken: - description: 'Refresh token. + description: "Refresh token. - ' + " title: Updatetoken type: string required: - - Description + - Description title: UpdateFWResourceDescriptionRequest type: object UpdateFWResourceDescriptionResponse: properties: Response: - $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData' - description: 'The API call response. + $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData" + description: "The API call response. - ' + " ResponseStatus: - $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.Result' - description: 'The API call response status. + $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse.Result" + description: "The API call response status. - ' + " title: UpdateFWResourceDescriptionResponse type: object UpdateFWResourceDescriptionResponse.ResponseData: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string Description: - description: 'Description of the firewall. + description: "Description of the firewall. - ' + " title: Description type: string FirewallName: - description: 'Name of the NGFW, unique in a region for each customer. + description: "Name of the NGFW, unique in a region for each customer. - ' + " title: Firewallname type: string UpdateToken: - description: 'Refresh token. + description: "Refresh token. - ' + " title: Updatetoken type: string title: ResponseData @@ -817,7 +849,8 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ + description: + "Default value of a successful response is 0. Any other number\ \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ Operation failed due to invalid request. For example, unsupported parameter\ \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ @@ -828,9 +861,9 @@ components: title: Errorcode type: integer Reason: - description: 'The error description. + description: "The error description. - ' + " title: Reason type: string title: Result @@ -839,31 +872,31 @@ components: additionalProperties: false properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string AssociateSubnetMappings: - description: 'Associate the subnets to NGFW. + description: "Associate the subnets to NGFW. - ' + " items: - $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType' + $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType" title: Associatesubnetmappings type: array DisassociateSubnetMappings: - description: 'Disassociate the subnet from NGFW. + description: "Disassociate the subnet from NGFW. - ' + " items: - $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType' + $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType" title: Disassociatesubnetmappings type: array UpdateToken: - description: 'Refresh token. + description: "Refresh token. - ' + " title: Updatetoken type: string title: UpdateFWResourceSubnetsRequest @@ -872,15 +905,16 @@ components: additionalProperties: false properties: AvailabilityZone: - description: 'The data center in a region available for use by the AWS customer. + description: + "The data center in a region available for use by the AWS customer. - ' + " title: Availabilityzone type: string SubnetId: - description: 'The unique ID of the subnet in your VPC. + description: "The unique ID of the subnet in your VPC. - ' + " title: Subnetid type: string title: SubnetMappingsType @@ -888,45 +922,46 @@ components: UpdateFWResourceSubnetsResponse: properties: Response: - $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData' - description: 'The API call response. + $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData" + description: "The API call response. - ' + " ResponseStatus: - $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.Result' - description: 'The API call response status. + $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse.Result" + description: "The API call response status. - ' + " title: UpdateFWResourceSubnetsResponse type: object UpdateFWResourceSubnetsResponse.ResponseData: properties: AccountId: - description: 'The unique ID of the account. + description: "The unique ID of the account. - ' + " title: Accountid type: string FirewallName: - description: 'Name of the NGFW, unique in a region for each customer. + description: "Name of the NGFW, unique in a region for each customer. - ' + " title: Firewallname type: string SubnetMappings: - description: 'The public subnets for your NGFW. Each subnet must belong + description: + "The public subnets for your NGFW. Each subnet must belong to a different Availability Zone in the VPC. NGFW creates a firewall endpoint in each subnet. - ' + " items: type: object title: Subnetmappings type: array UpdateToken: - description: 'Refresh token. + description: "Refresh token. - ' + " title: Updatetoken type: string title: ResponseData @@ -936,7 +971,8 @@ components: properties: ErrorCode: default: 0 - description: "Default value of a successful response is 0. Any other number\ + description: + "Default value of a successful response is 0. Any other number\ \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\ Operation failed due to invalid request. For example, unsupported parameter\ \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\ @@ -947,16 +983,17 @@ components: title: Errorcode type: integer Reason: - description: 'The error description. + description: "The error description. - ' + " title: Reason type: string title: Result type: object info: contact: {} - description: "Manage the IAM rules and permission required for user access. \ + description: + "Manage the IAM rules and permission required for user access. \ \ \n" title: Manage Cloud NGFW Resources version: 1.0.0 @@ -964,53 +1001,56 @@ openapi: 3.0.3 paths: /v1/config/ngfirewalls: get: - description: 'List all NGFWs in the Global Firewall Admin (FMS) account and + description: + "List all NGFWs in the Global Firewall Admin (FMS) account and retrieve the metadata for the NGFW policies that you have defined. - ' + " operationId: get-v1-config-ngfirewalls parameters: [] requestBody: content: application/json: schema: - $ref: '#/components/schemas/ListFWResourceRequest' + $ref: "#/components/schemas/ListFWResourceRequest" responses: - '200': + "200": content: application/json: schema: - $ref: '#/components/schemas/ListFWResourceResponse' + $ref: "#/components/schemas/ListFWResourceResponse" description: OK summary: List Firewall Resources tags: - - ManageNGFW + - ManageNGFW post: - description: 'Create an NGFW and define configuration settings. The settings + description: + "Create an NGFW and define configuration settings. The settings that you define at creation include NGFW policy, subnets in your VPC, and tags associated with the NGFW resource. - ' + " operationId: post-v1-config-ngfirewalls parameters: [] requestBody: content: application/json: schema: - $ref: '#/components/schemas/CreateFWResourceRequest' + $ref: "#/components/schemas/CreateFWResourceRequest" responses: - '200': + "200": content: application/json: schema: - $ref: '#/components/schemas/CreateFWResourceResponse' + $ref: "#/components/schemas/CreateFWResourceResponse" description: OK summary: Create A Firewall Resource tags: - - ManageNGFW + - ManageNGFW /v1/config/ngfirewalls/{ngfirewallname}: delete: - description: "Delete the specified NGFW. You can check whether a NGFW is in\ + description: + "Delete the specified NGFW. You can check whether a NGFW is in\ \ use by reviewing the route tables for the Availability Zones (AZs) where\ \ you have the NGFW subnet mappings. \n\nRetrieve the subnet mappings by\ \ calling `DescribeFirewall`. You can define and update the route tables through\ @@ -1019,118 +1059,119 @@ paths: \ you can remove the NGFW safely.\n" operationId: delete-v1-config-ngfirewalls-ngfirewallname parameters: - - description: 'The name of the NGFW. + - description: "The name of the NGFW. - ' - in: path - name: ngfirewallname - required: true - schema: - type: string + " + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: '#/components/schemas/DeleteFWResourceRequest' + $ref: "#/components/schemas/DeleteFWResourceRequest" responses: - '200': + "200": content: application/json: schema: - $ref: '#/components/schemas/DeleteFWResourceResponse' + $ref: "#/components/schemas/DeleteFWResourceResponse" description: OK summary: Delete A Firewall Resource tags: - - ManageNGFW + - ManageNGFW get: - description: 'Returns the data of a specific NGFW resource. + description: "Returns the data of a specific NGFW resource. - ' + " operationId: get-v1-config-ngfirewalls-ngfirewallname parameters: - - description: 'The name of the NGFW. + - description: "The name of the NGFW. - ' - in: path - name: ngfirewallname - required: true - schema: - type: string + " + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: '#/components/schemas/ReadFWResourceRequest' + $ref: "#/components/schemas/ReadFWResourceRequest" responses: - '200': + "200": content: application/json: schema: - $ref: '#/components/schemas/ReadFWResourceResponse' + $ref: "#/components/schemas/ReadFWResourceResponse" description: OK summary: Describe A Firewall Resource tags: - - ManageNGFW + - ManageNGFW /v1/config/ngfirewalls/{ngfirewallname}/description: put: - description: 'Modifies the description of a specific NGFW. Use the description + description: + "Modifies the description of a specific NGFW. Use the description to help identify the NGFW when you are working with it. - ' + " operationId: put-v1-config-ngfirewalls-ngfirewallname-description parameters: - - description: 'The name of the NGFW. + - description: "The name of the NGFW. - ' - in: path - name: ngfirewallname - required: true - schema: - type: string + " + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: '#/components/schemas/UpdateFWResourceDescriptionRequest' + $ref: "#/components/schemas/UpdateFWResourceDescriptionRequest" responses: - '200': + "200": content: application/json: schema: - $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse' + $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse" description: OK summary: Update A Firewall Resource Description tags: - - ManageNGFW + - ManageNGFW /v1/config/ngfirewalls/{ngfirewallname}/subnets: put: description: "Update the subnet ID associated with a NGFW. \n" operationId: put-v1-config-ngfirewalls-ngfirewallname-subnets parameters: - - description: 'The name of the NGFW. + - description: "The name of the NGFW. - ' - in: path - name: ngfirewallname - required: true - schema: - type: string + " + in: path + name: ngfirewallname + required: true + schema: + type: string requestBody: content: application/json: schema: - $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest' + $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest" responses: - '200': + "200": content: application/json: schema: - $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse' + $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse" description: OK summary: Update A Firewall Resource Subnet Mappings tags: - - ManageNGFW + - ManageNGFW servers: -- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com + - url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com tags: -- name: ManageNGFW + - name: ManageNGFW diff --git a/openapi-specs/code/BOMReport.json b/openapi-specs/code/BOMReport.json deleted file mode 100644 index 4d5744891..000000000 --- a/openapi-specs/code/BOMReport.json +++ /dev/null @@ -1,130 +0,0 @@ -{ - "components": { - "examples": {}, - "headers": {}, - "parameters": {}, - "requestBodies": {}, - "responses": {}, - "securitySchemes": { - "CustomAuthorizer": { - "in": "header", - "name": "authorization", - "type": "apiKey", - "x-amazon-apigateway-authorizer": { - "authorizerResultTtlInSeconds": 0, - "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-authorizer-{UniqueTag}{Alias}/invocations", - "identitySource": "method.request.header.authorization", - "type": "request" - }, - "x-amazon-apigateway-authtype": "custom" - } - }, - "schemas": { - "BOMMaterials": { - "enum": ["oss", "iac", "images", "all"], - "type": "string" - }, - "BOMReportFormat": { "enum": ["csv", "cyclonedx"], "type": "string" }, - "GeneratedBOMReport": { - "additionalProperties": false, - "properties": { - "format": { "$ref": "#/components/schemas/BOMReportFormat" }, - "reportLink": { "type": "string" } - }, - "required": ["reportLink", "format"], - "type": "object" - }, - "GeneratedBOMReportResponse": { - "additionalProperties": false, - "properties": { - "bomResponse": { - "items": { "$ref": "#/components/schemas/GeneratedBOMReport" }, - "type": "array" - } - }, - "required": ["bomResponse"], - "type": "object" - } - } - }, - "info": { - "contact": {}, - "description": "The BOMReport endpoints are listed below.\n", - "title": "Prisma Cloud BOMReport API Overview", - "version": "Latest" - }, - "openapi": "3.0.0", - "paths": { - "/code/api/v1/bom/getBOMReport/{repoId}": { - "get": { - "description": "Get a BOM Report", - "operationId": "getBOMReport", - "parameters": [ - { - "in": "path", - "name": "repoId", - "required": true, - "schema": { "type": "string" } - }, - { - "in": "query", - "name": "format", - "required": true, - "schema": { "enum": ["csv", "cyclonedx"], "type": "string" } - }, - { - "in": "query", - "name": "material", - "required": true, - "schema": { - "enum": ["oss", "iac", "images", "all"], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": { - "Example 1": { - "value": { - "bomResponse": [ - { - "format": "csv", - "reportLink": "Presigned BOM Report Link" - } - ] - } - } - }, - "schema": { - "$ref": "#/components/schemas/GeneratedBOMReportResponse" - } - } - }, - "description": "Get BOM Report" - }, - "401": { "description": "Unauthorized to get the BOM report" }, - "422": { "description": "Request arguments validation error" }, - "500": { "description": "Failed to get BOM Report" } - }, - "security": [{ "CustomAuthorizer": [] }], - "summary": "Get BOM Report", - "tags": ["BOMReport"], - "x-codeSamples": [ - { - "lang": "Python + Requests", - "source": "import requests\n\nurl = \"https://api.prismacloud.io/code/api/v1/bom/getBOMReport/{repoId}\"\n\nquerystring = {\"format\":\"SOME_STRING_VALUE\",\"material\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" - }, - { - "lang": "Shell + Curl", - "source": "curl --request GET \\\n --url 'https://api.prismacloud.io/code/api/v1/bom/getBOMReport/{repoId}?format=SOME_STRING_VALUE&material=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" - } - ] - } - } - }, - "servers": [{ "url": "https://api.prismacloud.io" }], - "tags": [{ "name": "BOMReport" }] -} diff --git a/openapi-specs/code/CI-CDRisks.json b/openapi-specs/code/CI-CDRisks.json new file mode 100644 index 000000000..62c37594e --- /dev/null +++ b/openapi-specs/code/CI-CDRisks.json @@ -0,0 +1,499 @@ +{ + "components": { + "examples": {}, + "headers": {}, + "parameters": {}, + "requestBodies": {}, + "responses": {}, + "securitySchemes": { + "CustomAuthorizer": { + "in": "header", + "name": "authorization", + "type": "apiKey", + "x-amazon-apigateway-authorizer": { + "authorizerResultTtlInSeconds": 0, + "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-v2-authorizer-{UniqueTag}{Alias}/invocations", + "identitySource": "method.request.header.authorization", + "type": "request" + }, + "x-amazon-apigateway-authtype": "custom" + } + }, + "schemas": { + "AlertData": { + "additionalProperties": false, + "properties": { + "details": { + "description": "CI/CD Risk event details", + "type": "string" + }, + "detectedOn": { "type": "string" }, + "id": { "description": "CI/CD Risk event ID", "type": "string" }, + "instanceId": { + "description": "CI/CD Risk instance ID", + "type": "string" + }, + "lastCalculatedOn": { + "description": "Last calculation time", + "type": "string" + }, + "repositoryId": { + "description": "VCS repository ID", + "type": "string" + }, + "title": { "description": "CI/CD Risk event title", "type": "string" } + }, + "required": [ + "id", + "title", + "details", + "detectedOn", + "lastCalculatedOn" + ], + "type": "object" + }, + "GetAlertsDataResponse": { + "additionalProperties": false, + "properties": { + "data": { + "items": { "$ref": "#/components/schemas/AlertData" }, + "type": "array" + }, + "hasNext": { "type": "boolean" } + }, + "required": ["data", "hasNext"], + "type": "object" + }, + "GetRiskDetailsDataResponse": { + "additionalProperties": false, + "properties": { + "data": { "$ref": "#/components/schemas/RiskDetails" } + }, + "required": ["data"], + "type": "object" + }, + "GetRisksDataResponse": { + "additionalProperties": false, + "properties": { + "data": { + "items": { "$ref": "#/components/schemas/RiskData" }, + "type": "array" + }, + "hasNext": { "type": "boolean" } + }, + "required": ["data", "hasNext"], + "type": "object" + }, + "RiskData": { + "additionalProperties": false, + "properties": { + "category": { + "description": "CI/CD Risk category", + "type": "string" + }, + "fixedAlerts": { + "description": "Number of fixed events", + "format": "double", + "type": "number" + }, + "lastAlertOn": { + "description": "Date and time of last alert", + "type": "string" + }, + "name": { "description": "CI/CD Risk name", "type": "string" }, + "openAlerts": { + "description": "Number of opened events", + "format": "double", + "type": "number" + }, + "policyId": { + "description": "CI/CD Risk policy ID", + "type": "string" + }, + "severity": { + "description": "CI/CD Risk severity", + "type": "string" + }, + "status": { "description": "CI/CD Risk status", "type": "string" }, + "system": { "description": "CI/CD Risk system", "type": "string" }, + "totalAlerts": { + "description": "Number of total events", + "format": "double", + "type": "number" + } + }, + "required": [ + "policyId", + "name", + "status", + "category", + "severity", + "system", + "openAlerts", + "fixedAlerts", + "totalAlerts", + "lastAlertOn" + ], + "type": "object" + }, + "RiskDetails": { + "additionalProperties": false, + "properties": { + "category": { + "description": "CI/CD Risk category", + "type": "string" + }, + "description": { + "description": "CI/CD Risk description", + "type": "string" + }, + "fixedAlerts": { + "description": "Number of fixed events", + "format": "double", + "type": "number" + }, + "lastCalculatedOn": { + "description": "Last calculation time", + "type": "string" + }, + "locationInDeliveryChain": { + "description": "Location in delivery chain", + "type": "string" + }, + "name": { "description": "CI/CD Risk name", "type": "string" }, + "openAlerts": { + "description": "Number of open events", + "format": "double", + "type": "number" + }, + "policyId": { + "description": "CI/CD Risk policy ID", + "type": "string" + }, + "severity": { + "description": "CI/CD Risk severity", + "type": "string" + }, + "stepsToSolve": { + "description": "Description of steps to solve the risk", + "type": "string" + }, + "suppressedAlerts": { + "description": "Number of suppressed events", + "format": "double", + "type": "number" + }, + "system": { "description": "CI/CD Risk system", "type": "string" } + }, + "required": [ + "policyId", + "name", + "description", + "stepsToSolve", + "category", + "severity", + "system", + "openAlerts", + "suppressedAlerts", + "fixedAlerts", + "locationInDeliveryChain", + "lastCalculatedOn" + ], + "type": "object" + } + } + }, + "info": { + "contact": {}, + "description": "The CI/CD endpoints are listed below.", + "title": "Prisma Cloud CI/CD API Overview", + "version": "Latest" + }, + "openapi": "3.0.0", + "paths": { + "/code/code/api/v1/pipeline-risks": { + "post": { + "operationId": "pipelineRisksGetAll", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "categories": { + "description": "CI/CD Risks categories: [`ppe`, `identifyAccessManagement`, `thirdPartyServices`, `dependencyChains`, `credentialHygiene`, `pipelineBasedAccessControls`, `artifactIntegrityValidation`, `dataProtection`, `flowControlMechanism`, `systemConfiguration`, `loggingAndVisibility`]", + "items": { "type": "string" }, + "type": "array" + }, + "endDate": { "type": "string" }, + "levels": { + "description": "CI/CD Risk priority level: [`1`, `2`, `3`, `4`]", + "items": { "type": "string" }, + "type": "array" + }, + "names": { + "description": "CI/CD Risk name", + "items": { "type": "string" }, + "type": "array" + }, + "repositoryIds": { + "items": { "type": "string" }, + "type": "array" + }, + "severities": { + "description": "CI/CD Risk severity: [`info`, `low`, `medium`, `high`, `critical`]", + "items": { "type": "string" }, + "type": "array" + }, + "startDate": { "type": "string" }, + "status": { "type": "string" }, + "systems": { + "description": "CI/CD Systems [`crosssystem`, `github`, `gitlab`, `githubActions`, `gitlabCICD`, `bitbucket`, `jenkins`, `circleCI`]", + "items": { "type": "string" }, + "type": "array" + } + }, + "type": "object" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetRisksDataResponse" + } + } + }, + "description": "Get pipeline risks" + }, + "422": { "description": "Request arguments validation error" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get All CI/CD Risks Summary", + "tags": ["CI-CD Risks"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/code/api/v1/pipeline-risks\"\n\npayload = {\n \"categories\": [\"string\"],\n \"endDate\": \"string\",\n \"levels\": [\"string\"],\n \"names\": [\"string\"],\n \"repositoryIds\": [\"string\"],\n \"severities\": [\"string\"],\n \"startDate\": \"string\",\n \"status\": \"string\",\n \"systems\": [\"string\"]\n}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request POST \\\n --url http://undefinedundefined/code/code/api/v1/pipeline-risks \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"categories\":[\"string\"],\"endDate\":\"string\",\"levels\":[\"string\"],\"names\":[\"string\"],\"repositoryIds\":[\"string\"],\"severities\":[\"string\"],\"startDate\":\"string\",\"status\":\"string\",\"systems\":[\"string\"]}'" + } + ] + } + }, + "/code/code/api/v1/pipeline-risks/{policyId}/alerts": { + "post": { + "description": "Get CI/CD risk events by status (open, suppressed, fixed)", + "operationId": "pipelineRisksGetAlertsByPolicy", + "parameters": [ + { + "description": "- CI/CD Risk policy ID", + "in": "path", + "name": "policyId", + "required": true, + "schema": { "type": "string" } + }, + { + "in": "query", + "name": "limit", + "required": false, + "schema": { + "format": "int32", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + { + "in": "query", + "name": "offset", + "required": false, + "schema": { "format": "int32", "minimum": 0, "type": "integer" } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "endDate": { "type": "string" }, + "repositoryIds": { + "items": { "type": "string" }, + "type": "array" + }, + "startDate": { "type": "string" }, + "status": { + "description": "CI/CD Riks status: [`open`, `suppressed`, `fixed`]", + "type": "string" + } + }, + "required": ["status"], + "type": "object" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetAlertsDataResponse" + } + } + }, + "description": "Ok" + }, + "422": { "description": "Request arguments validation error" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get CI/CD Risk Events", + "tags": ["CI-CD Risks"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/code/api/v1/pipeline-risks/{policyId}/alerts\"\n\nquerystring = {\"limit\":\"SOME_INTEGER_VALUE\",\"offset\":\"SOME_INTEGER_VALUE\"}\n\npayload = {\n \"endDate\": \"string\",\n \"repositoryIds\": [\"string\"],\n \"startDate\": \"string\",\n \"status\": \"string\"\n}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers, params=querystring)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request POST \\\n --url 'http://undefinedundefined/code/code/api/v1/pipeline-risks/{policyId}/alerts?limit=SOME_INTEGER_VALUE&offset=SOME_INTEGER_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"endDate\":\"string\",\"repositoryIds\":[\"string\"],\"startDate\":\"string\",\"status\":\"string\"}'" + } + ] + } + }, + "/code/code/api/v1/pipeline-risks/{policyId}/details": { + "get": { + "description": "Get CI/CD risk details by policy ID", + "operationId": "pipelineRisksGetDetailsByPolicyGet", + "parameters": [ + { + "description": "- CI/CD Risk policy ID", + "in": "path", + "name": "policyId", + "required": true, + "schema": { "type": "string" } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetRiskDetailsDataResponse" + } + } + }, + "description": "Ok" + }, + "422": { "description": "Request arguments validation error" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get CI/CD Risk Details", + "tags": ["CI-CD Risks"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/code/api/v1/pipeline-risks/{policyId}/details\"\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request GET \\\n --url http://undefinedundefined/code/code/api/v1/pipeline-risks/{policyId}/details \\\n --header 'authorization: REPLACE_KEY_VALUE'" + } + ] + } + }, + "/code/code/api/v1/pipeline-risks/suppress": { + "put": { + "description": "Suppress CI/CD risk events by event ID", + "operationId": "pipelineRisksSuppressEvents", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "ids": { + "description": "CI/CD risk event ID", + "items": { "type": "string" }, + "type": "array" + } + }, + "required": ["ids"], + "type": "object" + } + } + }, + "required": true + }, + "responses": { + "204": { "description": "No content" }, + "422": { "description": "Request arguments validation error" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Suppress CI/CD Risk Events", + "tags": ["CI-CD Risks"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/code/api/v1/pipeline-risks/suppress\"\n\npayload = {\"ids\": [\"string\"]}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"PUT\", url, json=payload, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request PUT \\\n --url http://undefinedundefined/code/code/api/v1/pipeline-risks/suppress \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"ids\":[\"string\"]}'" + } + ] + } + }, + "/code/code/api/v1/pipeline-risks/unsuppress": { + "put": { + "description": "Unsuppress CI/CD risk events by event ID", + "operationId": "pipelineRisksUnsuppressEvents", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "ids": { + "description": "CI/CD risk event ID", + "items": { "type": "string" }, + "type": "array" + } + }, + "required": ["ids"], + "type": "object" + } + } + }, + "required": true + }, + "responses": { + "204": { "description": "No content" }, + "422": { "description": "Request arguments validation error" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Unsuppress CI/CD Risk Events", + "tags": ["CI-CD Risks"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/code/api/v1/pipeline-risks/unsuppress\"\n\npayload = {\"ids\": [\"string\"]}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"PUT\", url, json=payload, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request PUT \\\n --url http://undefinedundefined/code/code/api/v1/pipeline-risks/unsuppress \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"ids\":[\"string\"]}'" + } + ] + } + } + }, + "servers": null, + "tags": [{ "name": "CI-CD Risks" }] +} diff --git a/openapi-specs/code/CheckovVersion.json b/openapi-specs/code/CheckovVersion.json index 5d9d40fb3..4765581b3 100644 --- a/openapi-specs/code/CheckovVersion.json +++ b/openapi-specs/code/CheckovVersion.json @@ -57,7 +57,7 @@ } }, "security": [], - "summary": "Get the current checkov version being run by Prisma Cloud Application Security", + "summary": "Get Current Checkov Version", "tags": ["CheckovVersion"], "x-codeSamples": [ { diff --git a/openapi-specs/code/CodeFixes.json b/openapi-specs/code/CodeFixes.json index 574aff475..f20ab502b 100644 --- a/openapi-specs/code/CodeFixes.json +++ b/openapi-specs/code/CodeFixes.json @@ -151,7 +151,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Fix infrastructure as code configuration errors", + "summary": "Fix Infrastructure as Code Configuration Errors", "tags": ["CodeFixes"], "x-codeSamples": [ { diff --git a/openapi-specs/code/DevelopmentPipeline.json b/openapi-specs/code/DevelopmentPipeline.json index c1b7eaa6b..e325b5fdd 100644 --- a/openapi-specs/code/DevelopmentPipeline.json +++ b/openapi-specs/code/DevelopmentPipeline.json @@ -330,7 +330,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get Code review runs data", + "summary": "Get Code Review Runs Data", "tags": ["Development Pipeline"], "x-codeSamples": [ { @@ -438,7 +438,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get integrated VCS repositories metadata", + "summary": "Get Integrated VCS Repositories Metadata", "tags": ["Development Pipeline"], "x-codeSamples": [ { diff --git a/openapi-specs/code/Packages.json b/openapi-specs/code/Packages.json index cf5b3ca36..9653dd5af 100644 --- a/openapi-specs/code/Packages.json +++ b/openapi-specs/code/Packages.json @@ -284,7 +284,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get the packages related to a file", + "summary": "Get Packages Related to a File", "tags": ["Packages"], "x-codeSamples": [ { @@ -363,7 +363,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get the direct sub-dependencies packages by source package.", + "summary": "Get Direct Sub-dependency Packages by Source Package", "tags": ["Packages"], "x-codeSamples": [ { @@ -420,7 +420,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get a package.", + "summary": "Get Package", "tags": ["Packages"], "x-codeSamples": [ { @@ -485,7 +485,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Searching for packages.", + "summary": "Search Packages", "tags": ["Packages"], "x-codeSamples": [ { @@ -580,7 +580,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get cves by package uuid.", + "summary": "Get CVEs by Package UUID", "tags": ["Packages"], "x-codeSamples": [ { diff --git a/openapi-specs/code/PackagesAlerts.json b/openapi-specs/code/PackagesAlerts.json index 1b04f287b..8c56af1a7 100644 --- a/openapi-specs/code/PackagesAlerts.json +++ b/openapi-specs/code/PackagesAlerts.json @@ -624,7 +624,7 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Alert items list for licenses", + "summary": "Alert Items List for Licenses", "tags": ["PackagesAlerts"], "x-codeSamples": [ { @@ -699,7 +699,7 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Alert items list for packages", + "summary": "Alert Items List for Packages", "tags": ["PackagesAlerts"], "x-codeSamples": [ { @@ -772,7 +772,7 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Alert items list for policies", + "summary": "Alert Items List for Policies", "tags": ["PackagesAlerts"], "x-codeSamples": [ { diff --git a/openapi-specs/code/Policies.json b/openapi-specs/code/Policies.json index 4b94fa1a0..8e25aa909 100644 --- a/openapi-specs/code/Policies.json +++ b/openapi-specs/code/Policies.json @@ -3629,7 +3629,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Validate policies - code-based", + "summary": "Validate Policies - Code-based", "tags": ["Policies"], "x-codeSamples": [ { @@ -3694,7 +3694,7 @@ "500": { "description": "Failed to create new policy" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Save new policy", + "summary": "Save New Policy", "tags": ["Policies"], "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -3890,7 +3890,7 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get custom policies table data", + "summary": "Get Custom Policies Table Data", "tags": ["Policies"], "x-codeSamples": [ { @@ -3962,7 +3962,7 @@ "500": { "description": "Could not update policy" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Update policy", + "summary": "Update Policy", "tags": ["Policies"], "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -4034,7 +4034,7 @@ "500": { "description": "Could not remove policy" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Delete policy", + "summary": "Delete Policy", "tags": ["Policies"], "x-amazon-apigateway-integration": { "httpMethod": "POST", diff --git a/openapi-specs/code/Remediations.json b/openapi-specs/code/Remediations.json index b6f1e9e5c..ec4b3e371 100644 --- a/openapi-specs/code/Remediations.json +++ b/openapi-specs/code/Remediations.json @@ -128,7 +128,7 @@ "500": { "description": "Failed to commit and push to pull request" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Remediation for build time", + "summary": "Remediation for Build time", "tags": ["Remediations"], "x-codeSamples": [ { @@ -172,7 +172,7 @@ "500": { "description": "Failed to get remediation fix" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get Remediation fix code", + "summary": "Get Remediation Fix Code", "tags": ["Remediations"], "x-codeSamples": [ { @@ -215,7 +215,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get file for remediation", + "summary": "Get File for Remediation", "tags": ["Remediations"], "x-codeSamples": [ { diff --git a/openapi-specs/code/Repositories.json b/openapi-specs/code/Repositories.json index f5ae3490b..ae34f373d 100644 --- a/openapi-specs/code/Repositories.json +++ b/openapi-specs/code/Repositories.json @@ -12,7 +12,7 @@ "type": "apiKey", "x-amazon-apigateway-authorizer": { "authorizerResultTtlInSeconds": 0, - "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-authorizer-{UniqueTag}{Alias}/invocations", + "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-v2-authorizer-{UniqueTag}{Alias}/invocations", "identitySource": "method.request.header.authorization", "type": "request" }, @@ -42,6 +42,43 @@ "required": ["source", "branches"], "type": "object" }, + "CIType": { + "enum": ["githubActions", "circleci", "codebuild", "jenkins"], + "type": "string" + }, + "CiInstancesHash": { + "additionalProperties": { + "$ref": "#/components/schemas/ICiInstanceInfo" + }, + "properties": {}, + "type": "object" + }, + "Contributor": { + "properties": { + "contributionsCounts": { + "description": "Number of contributions", + "format": "double", + "type": "number" + }, + "id": { "type": "string" }, + "lastPush": { "format": "double", "type": "number" }, + "name": { "description": "Contributor name", "type": "string" }, + "permission": { + "description": "Contributor permission", + "type": "string" + } + }, + "required": ["contributionsCounts", "name", "id"], + "type": "object" + }, + "DockerImage": { + "properties": { + "imageName": { "type": "string" }, + "repoName": { "type": "string" } + }, + "required": ["repoName", "imageName"], + "type": "object" + }, "GetRepositorySearchResponse": { "additionalProperties": false, "properties": { @@ -54,6 +91,222 @@ "required": ["data", "hasNext"], "type": "object" }, + "ICiInstanceInfo": { + "additionalProperties": false, + "properties": { + "ciType": { + "$ref": "#/components/schemas/CIType", + "description": "CI pipeline type" + }, + "customerName": { + "description": "Customer Prisma ID", + "type": "string" + }, + "id": { "type": "string" }, + "name": { "description": "CI pipeline name", "type": "string" }, + "pipelines": { + "items": { "$ref": "#/components/schemas/PipelineInfo" }, + "type": "array" + } + }, + "required": ["ciType", "customerName", "id", "name", "pipelines"], + "type": "object" + }, + "IVCSRepository": { + "additionalProperties": false, + "properties": { + "casId": { "type": "string" }, + "ciFiles": { + "description": "CI files path", + "items": { "type": "string" }, + "type": "array" + }, + "customerName": { + "description": "Customer Prisma ID", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch", + "type": "string" + }, + "defaultGithubActionsWorkflowPermission": { + "enum": ["read", "write"], + "type": "string" + }, + "failedCustomerPRs": { "format": "double", "type": "number" }, + "fullName": { + "description": "Repository full name", + "type": "string" + }, + "hasCoderOwner": { + "description": "Repository contains code owner file (True/False)", + "type": "boolean" + }, + "id": { "description": "VCS repository ID", "type": "string" }, + "isAllGithubActionsAllowed": { "type": "boolean" }, + "isArchived": { + "description": "Archived repository (True/False)", + "type": "boolean" + }, + "isForkingAllowed": { + "description": "Is forking allowed in the repository", + "type": "boolean" + }, + "isGithubActionsEnabled": { + "description": "Is Github Actions enabled in the repository", + "type": "boolean" + }, + "isRequiresCommitSignatures": { "type": "boolean" }, + "isRequiresStatusChecks": { "type": "boolean" }, + "isRestrictsPushes": { "type": "boolean" }, + "lastUpdated": { + "description": "VCS Repository last update time", + "type": "string" + }, + "name": { + "description": "VCS Repository short name", + "type": "string" + }, + "openFixPRs": { "format": "double", "type": "number" }, + "originId": { "type": "string" }, + "privacyLevel": { + "$ref": "#/components/schemas/RepositoryPrivacyLabel" + }, + "provider": { "$ref": "#/components/schemas/RepositoryProvider" }, + "repositorySize": { + "description": "VCS Repository size", + "format": "double", + "type": "number" + }, + "sessionId": { "type": "string" }, + "totalCommitsCount": { + "description": "Total commits count", + "format": "double", + "type": "number" + }, + "totalContributorsCount": { + "description": "Total contributors count", + "format": "double", + "type": "number" + }, + "totalCustomerPRs": { "format": "double", "type": "number" }, + "type": { + "enum": ["VCSRepository"], + "nullable": false, + "type": "string" + }, + "url": { "description": "VCS Repository URL", "type": "string" }, + "workspaceId": { + "description": "VCS workspace/integration ID", + "type": "string" + }, + "workspaceName": { + "description": "VCS workspace/integration name", + "type": "string" + } + }, + "required": [ + "id", + "customerName", + "type", + "failedCustomerPRs", + "totalCustomerPRs", + "ciFiles", + "url", + "casId" + ], + "type": "object" + }, + "Issues": { + "allOf": [ + { "$ref": "#/components/schemas/SeverityIssues" }, + { + "properties": { + "moduleName": { "$ref": "#/components/schemas/SecurityModule" } + }, + "type": "object" + } + ] + }, + "ModuleIssues": { + "properties": { + "CICD": { + "allOf": [ + { "$ref": "#/components/schemas/SeverityIssues" }, + { + "properties": { + "TOTAL": { "format": "double", "type": "number" } + }, + "required": ["TOTAL"], + "type": "object" + } + ] + }, + "IAC": { + "allOf": [ + { "$ref": "#/components/schemas/SeverityIssues" }, + { + "properties": { + "TOTAL": { "format": "double", "type": "number" } + }, + "required": ["TOTAL"], + "type": "object" + } + ] + }, + "SCA": { + "allOf": [ + { "$ref": "#/components/schemas/SeverityIssues" }, + { + "properties": { + "TOTAL": { "format": "double", "type": "number" } + }, + "required": ["TOTAL"], + "type": "object" + } + ] + }, + "SECRETS": { + "allOf": [ + { "$ref": "#/components/schemas/SeverityIssues" }, + { + "properties": { + "TOTAL": { "format": "double", "type": "number" } + }, + "required": ["TOTAL"], + "type": "object" + } + ] + } + }, + "type": "object" + }, + "OrderBy": { + "properties": { + "fieldName": { "type": "string" }, + "isAsc": { "type": "boolean" }, + "type": { "type": "string" } + }, + "required": ["isAsc", "type", "fieldName"], + "type": "object" + }, + "Pagination": { + "properties": { + "page": { "format": "double", "type": "number" }, + "pageSize": { "format": "double", "type": "number" } + }, + "required": ["pageSize", "page"], + "type": "object" + }, + "PipelineInfo": { + "properties": { + "instance": { "type": "string" }, + "pipeline": { "type": "string" }, + "system": { "type": "string" } + }, + "required": ["pipeline", "system", "instance"], + "type": "object" + }, "QueryRepositoriesRequest": { "additionalProperties": false, "properties": { @@ -62,6 +315,87 @@ "required": ["repositoriesIds"], "type": "object" }, + "RdsRepoInfo": { + "properties": { + "casId": { "type": "string" }, + "categorizedTechnologies": { + "$ref": "#/components/schemas/Technologies" + }, + "ciFiles": { "items": { "type": "string" }, "type": "array" }, + "ciInstances": { "$ref": "#/components/schemas/CiInstancesHash" }, + "contributors": { + "items": { "$ref": "#/components/schemas/Contributor" }, + "type": "array" + }, + "contributorsCount": { "format": "double", "type": "number" }, + "customerName": { "type": "string" }, + "defaultBranch": { "type": "string" }, + "fullName": { "type": "string" }, + "hasCoderOwner": { "type": "boolean" }, + "id": { "type": "string" }, + "images": { "items": { "type": "string" }, "type": "array" }, + "integrationId": { "type": "string" }, + "isArchived": { "type": "boolean" }, + "issues": { "$ref": "#/components/schemas/ModuleIssues" }, + "lastCommitTimestamp": { "format": "double", "type": "number" }, + "lastUpdated": { "type": "string" }, + "metadata": { + "properties": { + "runtimeImagesMetadata": { + "items": { + "additionalProperties": { + "anyOf": [{ "type": "string" }, { "type": "boolean" }] + }, + "properties": {}, + "type": "object" + }, + "type": "array" + }, + "scansMetadata": { + "additionalProperties": { + "anyOf": [{ "type": "string" }, { "type": "boolean" }] + }, + "properties": {}, + "type": "object" + } + }, + "required": ["runtimeImagesMetadata", "scansMetadata"], + "type": "object" + }, + "name": { "type": "string" }, + "privacyLevel": { + "$ref": "#/components/schemas/RepositoryPrivacyLabel" + }, + "provider": { "$ref": "#/components/schemas/RepositoryProvider" }, + "repositorySize": { "format": "double", "type": "number" }, + "riskFactors": { "$ref": "#/components/schemas/RiskFactors" }, + "source": { "$ref": "#/components/schemas/SourceTypes" }, + "totalCommitsCount": { "format": "double", "type": "number" }, + "url": { "type": "string" }, + "weeklyCommitOnPrs": { + "items": { "$ref": "#/components/schemas/WeeklyCommitOnPrs" }, + "type": "array" + }, + "workspaceId": { "type": "string" }, + "workspaceName": { "type": "string" } + }, + "required": [ + "metadata", + "images", + "integrationId", + "source", + "customerName", + "url", + "provider", + "fullName", + "name", + "isArchived", + "defaultBranch", + "casId", + "id" + ], + "type": "object" + }, "RepoIdToRepoName": { "additionalProperties": false, "properties": { @@ -71,6 +405,109 @@ "required": ["id", "repository"], "type": "object" }, + "RepoInfo": { + "allOf": [ + { "$ref": "#/components/schemas/IVCSRepository" }, + { + "properties": { + "categorizedTechnologies": { + "$ref": "#/components/schemas/Technologies" + }, + "ciInstances": { + "additionalProperties": { + "$ref": "#/components/schemas/ICiInstanceInfo" + }, + "properties": {}, + "type": "object" + }, + "contributors": { + "items": { "$ref": "#/components/schemas/Contributor" }, + "type": "array" + }, + "contributorsCount": { "format": "double", "type": "number" }, + "dockerImages": { + "items": { "$ref": "#/components/schemas/DockerImage" }, + "type": "array" + }, + "issues": { "$ref": "#/components/schemas/Issues" }, + "weeklyCommitOnPrs": { + "items": { "$ref": "#/components/schemas/WeeklyCommitOnPR" }, + "type": "array" + } + }, + "required": ["weeklyCommitOnPrs", "issues"], + "type": "object" + } + ] + }, + "RepoRequestBody": { + "properties": { + "filters": { "$ref": "#/components/schemas/RepoRequestFilters" }, + "orderBy": { "$ref": "#/components/schemas/OrderBy" }, + "pageConfig": { "$ref": "#/components/schemas/Pagination" } + }, + "type": "object" + }, + "RepoRequestFilters": { + "properties": { + "archived": { + "description": "An array with length of 1 containing either ‘true’ or ‘false’, filter between archived and not archived repositories", + "items": { "type": "string" }, + "type": "array" + }, + "casIds": { "items": { "type": "string" }, "type": "array" }, + "ciFiles": { + "description": "CI files path", + "items": { "type": "string" }, + "type": "array" + }, + "customerName": { "type": "string" }, + "ids": { + "description": "VCS repository IDs", + "items": { "type": "string" }, + "type": "array" + }, + "images": { "items": { "type": "string" }, "type": "array" }, + "issues": { + "description": "Issues enum: [`IAC`, `SCA`, `SECRETS`, `CICD`, `SAST`]\nFilter repositories containing issues of the requested type", + "items": { "type": "string" }, + "type": "array" + }, + "lastUpdated": { "format": "date-time", "type": "string" }, + "name": { + "description": "Search repositories by free text", + "type": "string" + }, + "pipelines": { + "description": "Get all repositories linked to the specified pipelines", + "items": { "type": "string" }, + "type": "array" + }, + "privacyLevels": { + "items": { "$ref": "#/components/schemas/RepositoryPrivacyLabel" }, + "type": "array" + }, + "providers": { + "items": { "$ref": "#/components/schemas/RepositoryProvider" }, + "type": "array" + }, + "riskFactors": { + "items": { "$ref": "#/components/schemas/RiskFactorsType" }, + "type": "array" + }, + "technologies": { + "description": "Get repositories that make use of the specified technologies", + "items": { "type": "string" }, + "type": "array" + }, + "workspaceIds": { + "description": "Array of repository owners, filter all repositories owned by specified owners", + "items": { "type": "string" }, + "type": "array" + } + }, + "type": "object" + }, "RepositoriesResponse": { "additionalProperties": false, "properties": { @@ -101,7 +538,7 @@ "lastScanDate": { "type": "string" }, "owner": { "type": "string" }, "repository": { "type": "string" }, - "selected": { "enum": [true], "nullable": false, "type": "boolean" }, + "selected": { "type": "boolean" }, "source": { "type": "string" }, "url": { "type": "string" } }, @@ -115,6 +552,139 @@ ], "type": "object" }, + "RepositoryPrivacyLabel": { + "enum": ["public", "private", "internal"], + "nullable": true, + "type": "string" + }, + "RepositoryProvider": { "type": "string" }, + "RiskFactors": { + "properties": { + "isInternetExpose": { "type": "boolean" }, + "isRepositoryDeployed": { "type": "boolean" } + }, + "type": "object" + }, + "RiskFactorsType": { + "enum": ["isInternetExpose", "isRepositoryDeployed"], + "type": "string" + }, + "SecurityModule": { + "enum": ["IAC", "SCA", "SECRETS", "CICD"], + "type": "string" + }, + "SeverityIssues": { + "properties": { + "CRITICAL": { + "anyOf": [ + { "format": "double", "type": "number" }, + { "$ref": "#/components/schemas/SecurityModule" } + ] + }, + "HIGH": { + "anyOf": [ + { "format": "double", "type": "number" }, + { "$ref": "#/components/schemas/SecurityModule" } + ] + }, + "INFO": { + "anyOf": [ + { "format": "double", "type": "number" }, + { "$ref": "#/components/schemas/SecurityModule" } + ] + }, + "LOW": { + "anyOf": [ + { "format": "double", "type": "number" }, + { "$ref": "#/components/schemas/SecurityModule" } + ] + }, + "MEDIUM": { + "anyOf": [ + { "format": "double", "type": "number" }, + { "$ref": "#/components/schemas/SecurityModule" } + ] + } + }, + "type": "object" + }, + "SourceTypes": { + "enum": [ + "admissionController", + "AlibabaCloud", + "AWS", + "Azure", + "AzureOnPrem", + "AzureRepos", + "Bitbucket", + "bitbucketEnterprise", + "circleci", + "cli", + "codebuild", + "GCP", + "Github", + "githubActions", + "githubEnterprise", + "Gitlab", + "gitlabEnterprise", + "jenkins", + "Kubernetes", + "kubernetesWorkloads", + "terraformCloud", + "terraformEnterprise", + "tfcRunTasks", + "tfeRunTasks", + "Transporter", + "OnPrem" + ], + "type": "string" + }, + "Technologies": { + "properties": { + "CICD": { "$ref": "#/components/schemas/Technology" }, + "Configuration": { "$ref": "#/components/schemas/Technology" }, + "Data": { "$ref": "#/components/schemas/Technology" }, + "Devops": { "$ref": "#/components/schemas/Technology" }, + "Documentation": { "$ref": "#/components/schemas/Technology" }, + "License": { "$ref": "#/components/schemas/Technology" }, + "Markup": { "$ref": "#/components/schemas/Technology" }, + "PackageManager": { "$ref": "#/components/schemas/Technology" }, + "Programming": { "$ref": "#/components/schemas/Technology" }, + "Prose": { "$ref": "#/components/schemas/Technology" }, + "Unknown": { "$ref": "#/components/schemas/Technology" } + }, + "type": "object" + }, + "Technology": { + "additionalProperties": { + "properties": { + "detectedDate": { "format": "date-time", "type": "string" }, + "percentage": { "format": "double", "type": "number" } + }, + "required": ["detectedDate"], + "type": "object" + }, + "properties": {}, + "type": "object" + }, + "WeeklyCommitOnPR": { + "properties": { + "branchName": { "type": "string" }, + "currWeeklyCommits": { "format": "double", "type": "number" }, + "prevWeeklyCommits": { "format": "double", "type": "number" } + }, + "required": ["prevWeeklyCommits", "currWeeklyCommits", "branchName"], + "type": "object" + }, + "WeeklyCommitOnPrs": { + "properties": { + "branchName": { "type": "string" }, + "currWeeklyCommits": { "format": "double", "type": "number" }, + "prevWeeklyCommits": { "format": "double", "type": "number" } + }, + "required": ["prevWeeklyCommits", "currWeeklyCommits", "branchName"], + "type": "object" + }, "integrationResponse": { "additionalProperties": false, "properties": { @@ -230,16 +800,22 @@ "500": { "description": "Could not fetch Repositories for customer" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "List repository list", + "summary": "List Repository List", "tags": ["Repositories"], + "x-bc-required-permissions": [ + "CCSProjects_READ", + "CCSDevelopmentPipelinesCodeReviews_READ", + "CCSDevelopmentPipelinesProjects_READ", + "CCSSupplyChain_READ" + ], "x-codeSamples": [ { "lang": "Python + Requests", - "source": "import requests\n\nurl = \"https://api.prismacloud.io/code/api/v1/repositories\"\n\nquerystring = {\"errorsCount\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/repositories\"\n\nquerystring = {\"errorsCount\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" }, { "lang": "Shell + Curl", - "source": "curl --request GET \\\n --url 'https://api.prismacloud.io/code/api/v1/repositories?errorsCount=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" + "source": "curl --request GET \\\n --url 'http://undefinedundefined/code/api/v1/repositories?errorsCount=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" } ] }, @@ -269,16 +845,83 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Integrate multiple repositories", + "summary": "Integrate Multiple Repositories", + "tags": ["Repositories"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/repositories\"\n\npayload = {\n \"data\": [\"string\"],\n \"id\": \"string\",\n \"type\": \"github\"\n}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request POST \\\n --url http://undefinedundefined/code/api/v1/repositories \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"data\":[\"string\"],\"id\":\"string\",\"type\":\"github\"}'" + } + ] + } + }, + "/code/api/v1/repositories/branches": { + "get": { + "description": "Get a list with all the repositories branches for the requesting customer\nThe returned branches are branches that has at list one CICD runs\neach branches item includes: name, creationDate, CICD status", + "operationId": "getBranches", + "parameters": [ + { + "in": "query", + "name": "repoOwner", + "required": true, + "schema": { "type": "string" } + }, + { + "in": "query", + "name": "repoName", + "required": true, + "schema": { "type": "string" } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": { + "Example 1": { + "value": { + "branches": [ + { + "creationDate": "2021-07-13T14:22:53.964Z", + "defaultBranch": false, + "name": "some_branch" + }, + { + "creationDate": null, + "defaultBranch": true, + "name": "master" + } + ], + "source": "Gitlab" + } + } + }, + "schema": { "$ref": "#/components/schemas/BranchesResponse" } + } + }, + "description": "repository branches" + }, + "400": { + "description": "Could not get branches, check GET query params" + }, + "422": { "description": "Request arguments validation error" }, + "500": { "description": "Could not fetch Repositories for customer" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get Repository Branches with CICD Runs", "tags": ["Repositories"], "x-codeSamples": [ { "lang": "Python + Requests", - "source": "import requests\n\nurl = \"https://api.prismacloud.io/code/api/v1/repositories\"\n\npayload = {\n \"data\": [\"string\"],\n \"id\": \"string\",\n \"type\": \"github\"\n}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers)\n\nprint(response.text)" + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/repositories/branches\"\n\nquerystring = {\"repoOwner\":\"SOME_STRING_VALUE\",\"repoName\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" }, { "lang": "Shell + Curl", - "source": "curl --request POST \\\n --url https://api.prismacloud.io/code/api/v1/repositories \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"data\":[\"string\"],\"id\":\"string\",\"type\":\"github\"}'" + "source": "curl --request GET \\\n --url 'http://undefinedundefined/code/api/v1/repositories/branches?repoOwner=SOME_STRING_VALUE&repoName=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" } ] } @@ -337,83 +980,16 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get a repository name to UUID mapping of the requested UUIDs", + "summary": "Get Repository Name to UUID Mapping of Requested UUIDs", "tags": ["Repositories"], "x-codeSamples": [ { "lang": "Python + Requests", - "source": "import requests\n\nurl = \"https://api.prismacloud.io/code/api/v1/repositories/query\"\n\npayload = {\"repositoriesIds\": [\"string\"]}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers)\n\nprint(response.text)" + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/repositories/query\"\n\npayload = {\"repositoriesIds\": [\"string\"]}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers)\n\nprint(response.text)" }, { "lang": "Shell + Curl", - "source": "curl --request POST \\\n --url https://api.prismacloud.io/code/api/v1/repositories/query \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"repositoriesIds\":[\"string\"]}'" - } - ] - } - }, - "/code/api/v1/repositories/branches": { - "get": { - "description": "Get a list with all the repositories branches for the requesting customer\nThe returned branches are branches that has at list one CICD runs\neach branches item includes: name, creationDate, CICD status", - "operationId": "getBranches", - "parameters": [ - { - "in": "query", - "name": "repoOwner", - "required": true, - "schema": { "type": "string" } - }, - { - "in": "query", - "name": "repoName", - "required": true, - "schema": { "type": "string" } - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "examples": { - "Example 1": { - "value": { - "branches": [ - { - "creationDate": "2021-07-13T14:22:53.964Z", - "defaultBranch": false, - "name": "some_branch" - }, - { - "creationDate": null, - "defaultBranch": true, - "name": "master" - } - ], - "source": "Gitlab" - } - } - }, - "schema": { "$ref": "#/components/schemas/BranchesResponse" } - } - }, - "description": "repository branches" - }, - "400": { - "description": "Could not get branches, check GET query params" - }, - "422": { "description": "Request arguments validation error" }, - "500": { "description": "Could not fetch Repositories for customer" } - }, - "security": [{ "CustomAuthorizer": [] }], - "summary": "Get the repository branches (that has CICD runs)", - "tags": ["Repositories"], - "x-codeSamples": [ - { - "lang": "Python + Requests", - "source": "import requests\n\nurl = \"https://api.prismacloud.io/code/api/v1/repositories/branches\"\n\nquerystring = {\"repoOwner\":\"SOME_STRING_VALUE\",\"repoName\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" - }, - { - "lang": "Shell + Curl", - "source": "curl --request GET \\\n --url 'https://api.prismacloud.io/code/api/v1/repositories/branches?repoOwner=SOME_STRING_VALUE&repoName=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" + "source": "curl --request POST \\\n --url http://undefinedundefined/code/api/v1/repositories/query \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"repositoriesIds\":[\"string\"]}'" } ] } @@ -507,21 +1083,72 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "search repositories", + "summary": "Search Repositories", + "tags": ["Repositories"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/repositories/search\"\n\nquerystring = {\"id\":\"SOME_STRING_VALUE\",\"selected\":\"SOME_BOOLEAN_VALUE\",\"source\":\"SOME_STRING_VALUE\",\"repoOwner\":\"SOME_STRING_VALUE\",\"repoName\":\"SOME_STRING_VALUE\",\"limit\":\"SOME_INTEGER_VALUE\",\"offset\":\"SOME_INTEGER_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request GET \\\n --url 'http://undefinedundefined/code/api/v1/repositories/search?id=SOME_STRING_VALUE&selected=SOME_BOOLEAN_VALUE&source=SOME_STRING_VALUE&repoOwner=SOME_STRING_VALUE&repoName=SOME_STRING_VALUE&limit=SOME_INTEGER_VALUE&offset=SOME_INTEGER_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" + } + ] + } + }, + "/code/api/v1/vcs-repository/repositories": { + "post": { + "description": "Get repositories page", + "operationId": "getVCSRepositoryPage", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { "$ref": "#/components/schemas/RepoRequestBody" } + } + }, + "description": "the body includes filters page configuration.", + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "anyOf": [ + { + "items": { "$ref": "#/components/schemas/RepoInfo" }, + "type": "array" + }, + { + "items": { "$ref": "#/components/schemas/RdsRepoInfo" }, + "type": "array" + } + ] + } + } + }, + "description": "repositories" + }, + "422": { "description": "Request arguments validation error" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get Repositories Page", "tags": ["Repositories"], "x-codeSamples": [ { "lang": "Python + Requests", - "source": "import requests\n\nurl = \"https://api.prismacloud.io/code/api/v1/repositories/search\"\n\nquerystring = {\"id\":\"SOME_STRING_VALUE\",\"selected\":\"SOME_BOOLEAN_VALUE\",\"source\":\"SOME_STRING_VALUE\",\"repoOwner\":\"SOME_STRING_VALUE\",\"repoName\":\"SOME_STRING_VALUE\",\"limit\":\"SOME_INTEGER_VALUE\",\"offset\":\"SOME_INTEGER_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/vcs-repository/repositories\"\n\npayload = {\n \"filters\": {\n \"archived\": [\"string\"],\n \"casIds\": [\"string\"],\n \"ciFiles\": [\"string\"],\n \"customerName\": \"string\",\n \"ids\": [\"string\"],\n \"images\": [\"string\"],\n \"issues\": [\"string\"],\n \"lastUpdated\": \"2019-08-24T14:15:22Z\",\n \"name\": \"string\",\n \"pipelines\": [\"string\"],\n \"privacyLevels\": [\"public\"],\n \"providers\": [\"string\"],\n \"riskFactors\": [\"isInternetExpose\"],\n \"technologies\": [\"string\"],\n \"workspaceIds\": [\"string\"]\n },\n \"orderBy\": {\n \"fieldName\": \"string\",\n \"isAsc\": True,\n \"type\": \"string\"\n },\n \"pageConfig\": {\n \"page\": 0,\n \"pageSize\": 0\n }\n}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers)\n\nprint(response.text)" }, { "lang": "Shell + Curl", - "source": "curl --request GET \\\n --url 'https://api.prismacloud.io/code/api/v1/repositories/search?id=SOME_STRING_VALUE&selected=SOME_BOOLEAN_VALUE&source=SOME_STRING_VALUE&repoOwner=SOME_STRING_VALUE&repoName=SOME_STRING_VALUE&limit=SOME_INTEGER_VALUE&offset=SOME_INTEGER_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" + "source": "curl --request POST \\\n --url http://undefinedundefined/code/api/v1/vcs-repository/repositories \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"filters\":{\"archived\":[\"string\"],\"casIds\":[\"string\"],\"ciFiles\":[\"string\"],\"customerName\":\"string\",\"ids\":[\"string\"],\"images\":[\"string\"],\"issues\":[\"string\"],\"lastUpdated\":\"2019-08-24T14:15:22Z\",\"name\":\"string\",\"pipelines\":[\"string\"],\"privacyLevels\":[\"public\"],\"providers\":[\"string\"],\"riskFactors\":[\"isInternetExpose\"],\"technologies\":[\"string\"],\"workspaceIds\":[\"string\"]},\"orderBy\":{\"fieldName\":\"string\",\"isAsc\":true,\"type\":\"string\"},\"pageConfig\":{\"page\":0,\"pageSize\":0}}'" } ] } } }, - "servers": [{ "url": "https://api.prismacloud.io" }], + "servers": null, "tags": [{ "name": "Repositories" }] } diff --git a/openapi-specs/code/Repository.json b/openapi-specs/code/Repository.json index 544b65f65..a4a498bcf 100644 --- a/openapi-specs/code/Repository.json +++ b/openapi-specs/code/Repository.json @@ -12,7 +12,7 @@ "type": "apiKey", "x-amazon-apigateway-authorizer": { "authorizerResultTtlInSeconds": 0, - "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-authorizer-{UniqueTag}{Alias}/invocations", + "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-v2-authorizer-{UniqueTag}{Alias}/invocations", "identitySource": "method.request.header.authorization", "type": "request" }, @@ -52,7 +52,7 @@ }, "openapi": "3.0.0", "paths": { - "/code/api/v1/repositories/repository": { + "/code/code/api/v1/repositories/repository": { "get": { "description": "Retrieve a single repository.\nthe repository item includes: id, repoName, source, owner, isPublic, creationDate", "operationId": "getRepository", @@ -93,21 +93,21 @@ "500": { "description": "Could not fetch repository for customer" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "single repository list", + "summary": "Single Repository List", "tags": ["Repository"], "x-codeSamples": [ { "lang": "Python + Requests", - "source": "import requests\n\nurl = \"https://api.prismacloud.io/code/api/v1/repositories/repository\"\n\nquerystring = {\"repositoryId\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" + "source": "import requests\n\nurl = \"http://undefinedundefined/code/code/api/v1/repositories/repository\"\n\nquerystring = {\"repositoryId\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" }, { "lang": "Shell + Curl", - "source": "curl --request GET \\\n --url 'https://api.prismacloud.io/code/api/v1/repositories/repository?repositoryId=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" + "source": "curl --request GET \\\n --url 'http://undefinedundefined/code/code/api/v1/repositories/repository?repositoryId=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" } ] } } }, - "servers": [{ "url": "https://api.prismacloud.io" }], + "servers": null, "tags": [{ "name": "Repository" }] } diff --git a/openapi-specs/code/Rules.json b/openapi-specs/code/Rules.json index b07091ef3..e7ff73506 100644 --- a/openapi-specs/code/Rules.json +++ b/openapi-specs/code/Rules.json @@ -175,7 +175,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get scheme for a specific account", + "summary": "Get Scheme for Specific Account", "tags": ["Rules"], "x-codeSamples": [ { @@ -207,7 +207,7 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get all enforcement rules", + "summary": "Get All Enforcement Rules", "tags": ["Rules"], "x-codeSamples": [ { @@ -242,7 +242,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Create a new exception for Enforcement rule", + "summary": "Create New Exception for Enforcement Rule", "tags": ["Rules"], "x-codeSamples": [ { @@ -277,7 +277,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Update Enforcement rule", + "summary": "Update Enforcement Rule", "tags": ["Rules"], "x-codeSamples": [ { @@ -366,7 +366,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get all repositories", + "summary": "Get All Repositories", "tags": ["Rules"], "x-codeSamples": [ { diff --git a/openapi-specs/code/SBOM.json b/openapi-specs/code/SBOM.json new file mode 100644 index 000000000..632e2237a --- /dev/null +++ b/openapi-specs/code/SBOM.json @@ -0,0 +1,350 @@ +{ + "components": { + "examples": {}, + "headers": {}, + "parameters": {}, + "requestBodies": {}, + "responses": {}, + "securitySchemes": { + "CustomAuthorizer": { + "in": "header", + "name": "authorization", + "type": "apiKey", + "x-amazon-apigateway-authorizer": { + "authorizerResultTtlInSeconds": 0, + "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-v2-authorizer-{UniqueTag}{Alias}/invocations", + "identitySource": "method.request.header.authorization", + "type": "request" + }, + "x-amazon-apigateway-authtype": "custom" + } + }, + "schemas": { + "BOMMaterials": { + "enum": ["oss", "iac", "images", "all"], + "type": "string" + }, + "BOMReportFormat": { "enum": ["csv", "cyclonedx"], "type": "string" }, + "CveRow": { + "additionalProperties": false, + "properties": { + "cvss": { "format": "double", "type": "number" }, + "cvssVectorString": { "type": "string" }, + "description": { "type": "string" }, + "fixedVersion": { "type": "string" }, + "id": { "type": "string" }, + "link": { "type": "string" }, + "publishedDate": { "format": "date-time", "type": "string" }, + "riskFactors": { "$ref": "#/components/schemas/ParsedRiskFactors" }, + "severity": { "type": "string" }, + "summary": { "type": "string" } + }, + "required": [ + "id", + "severity", + "link", + "description", + "publishedDate", + "cvss", + "cvssVectorString", + "riskFactors" + ], + "type": "object" + }, + "DependencyRow": { + "additionalProperties": false, + "properties": { + "cves": { + "items": { "$ref": "#/components/schemas/CveRow" }, + "type": "array" + }, + "id": { "type": "string" }, + "license": { "type": "string" }, + "maxSeverity": { "format": "double", "type": "number" }, + "name": { "type": "string" }, + "origin": { "type": "string" }, + "srcCount": { "format": "double", "type": "number" }, + "version": { "type": "string" } + }, + "required": [ + "id", + "name", + "version", + "origin", + "license", + "srcCount", + "maxSeverity", + "cves" + ], + "type": "object" + }, + "Filters": { + "additionalProperties": false, + "properties": { + "cve": { + "description": "CVE-ID", + "items": { "type": "string" }, + "type": "array" + }, + "license": { + "description": "License identifier", + "items": { "type": "string" }, + "type": "array" + }, + "name": { "description": "Package name", "type": "string" }, + "origin": { + "description": "Package language framwork/ecosystem", + "items": { "type": "string" }, + "type": "array" + }, + "repositoryId": { + "description": "VCS repository ID", + "items": { "type": "string" }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/RiskFactorsFilters", + "description": "CVE risk factors" + }, + "severity": { + "description": "CVE severiry based on CVSS score", + "items": { "type": "string" }, + "type": "array" + }, + "sourceId": { "items": { "type": "string" }, "type": "array" }, + "workspaceIds": { + "description": "VCS workspace/integration ID", + "items": { "type": "string" }, + "type": "array" + } + }, + "type": "object" + }, + "GeneratedBOMReport": { + "additionalProperties": false, + "properties": { + "format": { "$ref": "#/components/schemas/BOMReportFormat" }, + "reportLink": { "type": "string" } + }, + "required": ["reportLink", "format"], + "type": "object" + }, + "GeneratedBOMReportResponse": { + "additionalProperties": false, + "properties": { + "bomResponse": { + "items": { "$ref": "#/components/schemas/GeneratedBOMReport" }, + "type": "array" + } + }, + "required": ["bomResponse"], + "type": "object" + }, + "ParsedRiskFactors": { + "additionalProperties": false, + "properties": { + "ContainerRunningAsRoot": { "type": "boolean" }, + "ExploitExists": { "type": "boolean" }, + "ExploitInTheWild": { "type": "boolean" }, + "ListeningPorts": { "type": "boolean" }, + "NoMandatorySecurityProfileApplied": { "type": "boolean" }, + "PackageInUse": { "type": "boolean" }, + "ReachableFromInternet": { "type": "boolean" }, + "RunningAsPrivilegedContainer": { "type": "boolean" }, + "attackComplexity": { "type": "string" }, + "attackVector": { "type": "string" }, + "doS": { "type": "boolean" }, + "exploitPOC": { "type": "boolean" }, + "recentVulnerability": { "type": "boolean" }, + "remoteExecution": { "type": "boolean" } + }, + "type": "object" + }, + "RiskFactorsFilters": { + "additionalProperties": false, + "properties": { + "attackComplexity": { + "items": { "type": "string" }, + "type": "array" + }, + "attackVector": { "items": { "type": "string" }, "type": "array" }, + "containerRunningAsRoot": { "type": "boolean" }, + "doS": { "type": "boolean" }, + "exploitExists": { "type": "boolean" }, + "exploitInTheWild": { "type": "boolean" }, + "exploitPOC": { "type": "boolean" }, + "hasFix": { "type": "boolean" }, + "listeningPorts": { "type": "boolean" }, + "noMandatorySecurityProfileApplied": { "type": "boolean" }, + "packageInUse": { "type": "boolean" }, + "reachableFromInternet": { "type": "boolean" }, + "recentVulnerability": { "type": "boolean" }, + "remoteExecution": { "type": "boolean" }, + "runningAsPrivilegedContainer": { "type": "boolean" } + }, + "type": "object" + }, + "SortingOptions": { + "enum": [ + "name", + "version", + "license", + "srcCount", + "cves", + "maxSeverity" + ], + "type": "string" + } + } + }, + "info": { + "contact": {}, + "description": "The SBOM endpoints are listed below.\n", + "title": "Prisma Cloud SBOM API Overview", + "version": "Latest" + }, + "openapi": "3.0.0", + "paths": { + "/code/api/v1/bom/getBOMReport/{repoId}": { + "get": { + "description": "Get a BOM Report", + "operationId": "getBOMReport", + "parameters": [ + { + "in": "path", + "name": "repoId", + "required": true, + "schema": { "type": "string" } + }, + { + "in": "query", + "name": "format", + "required": true, + "schema": { "enum": ["csv", "cyclonedx"], "type": "string" } + }, + { + "in": "query", + "name": "material", + "required": true, + "schema": { + "enum": ["oss", "iac", "images", "all"], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "examples": { + "Example 1": { + "value": { + "bomResponse": [ + { + "format": "csv", + "reportLink": "Presigned BOM Report Link" + } + ] + } + } + }, + "schema": { + "$ref": "#/components/schemas/GeneratedBOMReportResponse" + } + } + }, + "description": "Get BOM Report" + }, + "401": { "description": "Unauthorized to get the BOM report" }, + "422": { "description": "Request arguments validation error" }, + "500": { "description": "Failed to get BOM Report" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get BOM Report", + "tags": ["SBOM"], + "x-bc-required-permissions": [ + "CCSDevelopmentPipelinesCodeReviews_READ", + "CCSDevelopmentPipelinesProjects_READ", + "CCSSupplyChain_READ" + ], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/bom/getBOMReport/{repoId}\"\n\nquerystring = {\"format\":\"SOME_STRING_VALUE\",\"material\":\"SOME_STRING_VALUE\"}\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers, params=querystring)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request GET \\\n --url 'http://undefinedundefined/code/api/v1/bom/getBOMReport/{repoId}?format=SOME_STRING_VALUE&material=SOME_STRING_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE'" + } + ] + } + }, + "/code/api/v1/sbom/dependencies": { + "post": { + "description": "Get all open-source packages found in your organization's version control system (VCS).", + "operationId": "sbomDependencies", + "parameters": [ + { + "description": "Page number to retrieve", + "in": "query", + "name": "page", + "required": true, + "schema": { "format": "double", "type": "number" } + }, + { + "description": "Amount of dependencies to retrieve", + "in": "query", + "name": "limit", + "required": true, + "schema": { "format": "double", "type": "number" } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "properties": { + "filters": { "$ref": "#/components/schemas/Filters" }, + "sortBy": { "$ref": "#/components/schemas/SortingOptions" }, + "sortDesc": { "type": "boolean" } + }, + "required": ["filters"], + "type": "object" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { "$ref": "#/components/schemas/DependencyRow" }, + "type": "array" + } + } + }, + "description": "Got dependencies list" + }, + "422": { "description": "Request arguments validation error" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get Dependencies", + "tags": ["SBOM"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/sbom/dependencies\"\n\nquerystring = {\"page\":\"SOME_NUMBER_VALUE\",\"limit\":\"SOME_NUMBER_VALUE\"}\n\npayload = {\n \"filters\": {\n \"cve\": [\"string\"],\n \"license\": [\"string\"],\n \"name\": \"string\",\n \"origin\": [\"string\"],\n \"repositoryId\": [\"string\"],\n \"riskFactors\": {\n \"attackComplexity\": [\"string\"],\n \"attackVector\": [\"string\"],\n \"containerRunningAsRoot\": True,\n \"doS\": True,\n \"exploitExists\": True,\n \"exploitInTheWild\": True,\n \"exploitPOC\": True,\n \"hasFix\": True,\n \"listeningPorts\": True,\n \"noMandatorySecurityProfileApplied\": True,\n \"packageInUse\": True,\n \"reachableFromInternet\": True,\n \"recentVulnerability\": True,\n \"remoteExecution\": True,\n \"runningAsPrivilegedContainer\": True\n },\n \"severity\": [\"string\"],\n \"sourceId\": [\"string\"],\n \"workspaceIds\": [\"string\"]\n },\n \"sortBy\": \"name\",\n \"sortDesc\": True\n}\nheaders = {\n \"content-type\": \"application/json\",\n \"authorization\": \"REPLACE_KEY_VALUE\"\n}\n\nresponse = requests.request(\"POST\", url, json=payload, headers=headers, params=querystring)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request POST \\\n --url 'http://undefinedundefined/code/api/v1/sbom/dependencies?page=SOME_NUMBER_VALUE&limit=SOME_NUMBER_VALUE' \\\n --header 'authorization: REPLACE_KEY_VALUE' \\\n --header 'content-type: application/json' \\\n --data '{\"filters\":{\"cve\":[\"string\"],\"license\":[\"string\"],\"name\":\"string\",\"origin\":[\"string\"],\"repositoryId\":[\"string\"],\"riskFactors\":{\"attackComplexity\":[\"string\"],\"attackVector\":[\"string\"],\"containerRunningAsRoot\":true,\"doS\":true,\"exploitExists\":true,\"exploitInTheWild\":true,\"exploitPOC\":true,\"hasFix\":true,\"listeningPorts\":true,\"noMandatorySecurityProfileApplied\":true,\"packageInUse\":true,\"reachableFromInternet\":true,\"recentVulnerability\":true,\"remoteExecution\":true,\"runningAsPrivilegedContainer\":true},\"severity\":[\"string\"],\"sourceId\":[\"string\"],\"workspaceIds\":[\"string\"]},\"sortBy\":\"name\",\"sortDesc\":true}'" + } + ] + } + } + }, + "servers": null, + "tags": [{ "name": "SBOM" }] +} diff --git a/openapi-specs/code/SupplyChain.json b/openapi-specs/code/SupplyChain.json index fdc7ddb65..9a0562294 100644 --- a/openapi-specs/code/SupplyChain.json +++ b/openapi-specs/code/SupplyChain.json @@ -498,7 +498,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get nodes", + "summary": "Get Nodes", "tags": ["Supply Chain"], "x-codeSamples": [ { diff --git a/openapi-specs/code/Suppressions.json b/openapi-specs/code/Suppressions.json index 320e72027..04b918032 100644 --- a/openapi-specs/code/Suppressions.json +++ b/openapi-specs/code/Suppressions.json @@ -436,7 +436,7 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "List suppression rules", + "summary": "List Suppression Rules", "tags": ["Suppressions"], "x-codeSamples": [ { @@ -519,7 +519,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Create new suppression by policy id", + "summary": "Create New Suppression by Policy ID", "tags": ["Suppressions"], "x-codeSamples": [ { @@ -615,7 +615,7 @@ } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Update suppression by policy id and suppression id", + "summary": "Update Suppression by Policy ID and Suppression ID", "tags": ["Suppressions"], "x-codeSamples": [ { @@ -650,7 +650,7 @@ "422": { "description": "Request arguments validation error" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Delete one suppression by suppression id and violation id", + "summary": "Delete Suppression by Suppression ID and Violation ID", "tags": ["Suppressions"], "x-codeSamples": [ { @@ -742,7 +742,7 @@ "500": { "description": "Failed to get suppression" } }, "security": [{ "CustomAuthorizer": [] }], - "summary": "Get suppressions justifications by policy id and query accounts", + "summary": "Get Suppressions Justifications by Policy ID and Query Accounts", "tags": ["Suppressions"], "x-codeSamples": [ { diff --git a/openapi-specs/code/Technologies.json b/openapi-specs/code/Technologies.json new file mode 100644 index 000000000..87767ed2e --- /dev/null +++ b/openapi-specs/code/Technologies.json @@ -0,0 +1,611 @@ +{ + "components": { + "examples": {}, + "headers": {}, + "parameters": {}, + "requestBodies": {}, + "responses": {}, + "securitySchemes": { + "CustomAuthorizer": { + "in": "header", + "name": "authorization", + "type": "apiKey", + "x-amazon-apigateway-authorizer": { + "authorizerResultTtlInSeconds": 0, + "authorizerUri": "arn:aws:apigateway:{Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{Region}:{AccountId}:function:bc-authorization-v2-authorizer-{UniqueTag}{Alias}/invocations", + "identitySource": "method.request.header.authorization", + "type": "request" + }, + "x-amazon-apigateway-authtype": "custom" + } + }, + "schemas": { + "CatalogCategory": { + "enum": ["VCS", "CI/CD", "Registries", "Production"], + "type": "string" + }, + "CatalogGroup": { "enum": ["Code", "Build", "Deploy"], "type": "string" }, + "CatalogName": { + "enum": [ + "Github", + "Gitlab", + "Bitbucket", + "Azure Repos", + "CodeCommit", + "Jenkins", + "TeamCity", + "Travis CI", + "GitHub Actions", + "GitLab CI/CD", + "Bitbucket Pipelines", + "CodeFresh", + "CircleCI", + "Argo CD", + "Concourse CI", + "BuildKite", + "AWS CodeBuild", + "AWS CodeDeploy", + "AWS CodePipeline", + "Drone", + "JFrog Artifactory", + "AWS ECR", + "Nexus", + "Docker Hub", + "GitHub Registry", + "AWS EC2", + "AWS EKS", + "AWS ECS", + "AWS Lambda", + "AWS App Mesh", + "AWS API Gateway", + "AWS Elastic Load Balancing", + "Azure Virtual Machines", + "Azure Functions", + "Azure AKS", + "Azure Container Instances", + "Azure Service Fabric", + "Google Kubernetes Engine", + "Google Compute Engine", + "Google Container Registry", + "Chromatic", + "env0", + "FireFly", + "Testim", + "Unity", + "JfrogXray", + "Buddy.Works", + "Snowflake", + "databricks", + "Heroku", + "Netlify", + "PagerDuty", + "Ngrok", + "Google Play", + "FireBase", + "npm", + "Grafana", + "AWS DynamoDB", + "Google Cloud Functions", + "Google Cloud Build", + "Azure Pipelines", + "AWS CodeArtifact", + "AWS STS", + "AWS SQS", + "AWS SNS", + "AWS S3", + "HashiCorp Consul", + "Datadog", + "SENTRY", + "Bamboo", + "Terraform Cloud", + "Nx Cloud", + "DeployHQ", + "Cloudflare", + "Allure TestOps", + "Bitrise", + "Skaffold", + "Google Cloud Run", + "Codecov", + "Checkov", + "Cypress", + "Snyk", + "Helm", + "Salesforce", + "Nginx", + "Bandit", + "Velocity", + "CoveragePy", + "HashiCorpVault", + "Zapier", + "Ansible", + "Yor", + "Semgrep", + "TrivyAction", + "Slack", + "GitLeaks", + "Azure Artifacts Feed", + "Adobe Cloud Manager", + "Adobe Cloud Package Manager" + ], + "type": "string" + }, + "DataStatus": { "enum": ["ok", "empty"], "type": "string" }, + "EvidanceData": { + "additionalProperties": {}, + "properties": { + "firstSeen": { "format": "double", "type": "number" }, + "id": { "type": "string" }, + "lastSeen": { "format": "double", "type": "number" }, + "lastUpdated": { "format": "double", "type": "number" } + }, + "required": ["id", "firstSeen", "lastUpdated", "lastSeen"], + "type": "object" + }, + "Executable": { + "additionalProperties": false, + "properties": { + "insight": { "$ref": "#/components/schemas/Insight" }, + "name": { "type": "string" } + }, + "required": ["name", "insight"], + "type": "object" + }, + "GetResponse": { + "additionalProperties": false, + "properties": { + "data": { "$ref": "#/components/schemas/IScan" }, + "status": { "$ref": "#/components/schemas/DataStatus" } + }, + "required": ["status", "data"], + "type": "object" + }, + "IResolvedCatalog": { + "additionalProperties": false, + "properties": { + "category": { "$ref": "#/components/schemas/CatalogCategory" }, + "description": { "type": "string" }, + "firstSeen": { "format": "double", "type": "number" }, + "group": { "$ref": "#/components/schemas/CatalogGroup" }, + "lastSeen": { "format": "double", "type": "number" }, + "lastUpdated": { "format": "double", "type": "number" }, + "name": { "$ref": "#/components/schemas/CatalogName" }, + "sources": { + "items": { "$ref": "#/components/schemas/IResolvedSource" }, + "type": "array" + } + }, + "required": [ + "name", + "description", + "group", + "category", + "firstSeen", + "lastSeen", + "lastUpdated", + "sources" + ], + "type": "object" + }, + "IResolvedSource": { + "additionalProperties": false, + "properties": { + "evidanceData": { + "items": { "$ref": "#/components/schemas/EvidanceData" }, + "type": "array" + }, + "firstSeen": { "format": "double", "type": "number" }, + "lastSeen": { "format": "double", "type": "number" }, + "lastUpdated": { "format": "double", "type": "number" }, + "name": { "$ref": "#/components/schemas/SourceName" } + }, + "required": [ + "name", + "firstSeen", + "lastSeen", + "lastUpdated", + "evidanceData" + ], + "type": "object" + }, + "IScan": { + "properties": { + "id": { "type": "string" }, + "lastCleared": { "format": "double", "type": "number" }, + "lastScan": { "format": "double", "type": "number" }, + "lastUpdated": { "format": "double", "type": "number" }, + "results": { + "items": { "$ref": "#/components/schemas/IResolvedCatalog" }, + "type": "array" + } + }, + "required": ["results", "lastUpdated", "lastScan", "id"], + "type": "object" + }, + "IVCSInstalledApp": { + "additionalProperties": false, + "properties": { + "adminPermissions": { + "description": "VCS App installed with repository or organization level admin permissions", + "items": { "type": "string" }, + "type": "array" + }, + "customerName": { + "description": "Customer Prisma ID", + "type": "string" + }, + "events": { + "description": "VCS webhook events the App listens on", + "items": { "type": "string" }, + "type": "array" + }, + "htmlUrl": { + "description": "VCS App settings URL", + "type": "string" + }, + "id": { "description": "VCS App ID", "type": "string" }, + "name": { "description": "VCS App name", "type": "string" }, + "nodeCreatedTimestamp": { "format": "double", "type": "number" }, + "readPermissions": { + "description": "VCS App read permissions", + "items": { "type": "string" }, + "type": "array" + }, + "repositorySelection": { + "description": "repositorySelection:\n - `all`: VCS App installed on organization level\n - `selected`: VCS App installed on selected repositories", + "type": "string" + }, + "timestamp": { "format": "double", "type": "number" }, + "type": { + "enum": ["VCSInstalledApp"], + "nullable": false, + "type": "string" + }, + "vendorCreatedTimestamp": { + "description": "Webhook creation date", + "format": "double", + "type": "number" + }, + "writePermissions": { + "description": "VCS App write permissions", + "items": { "type": "string" }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "customerName", + "name", + "timestamp", + "events", + "readPermissions", + "writePermissions", + "adminPermissions", + "repositorySelection", + "htmlUrl" + ], + "type": "object" + }, + "IVCSWebhook": { + "additionalProperties": false, + "properties": { + "createdAt": { + "description": "Webhook creation date", + "format": "double", + "type": "number" + }, + "customerName": { + "description": "Customer Prisma ID", + "type": "string" + }, + "domain": { "description": "Webhook URL domain", "type": "string" }, + "id": { "description": "VCS App ID", "type": "string" }, + "isSSLVerificationEnabled": { + "description": "Webhook SSL verification enabled/disabled", + "type": "boolean" + }, + "name": { "description": "VCS App name", "type": "string" }, + "nodeCreatedTimestamp": { "format": "double", "type": "number" }, + "timestamp": { "format": "double", "type": "number" }, + "triggers": { + "description": "Webhook events triggers", + "items": { "type": "string" }, + "type": "array" + }, + "type": { + "enum": ["VCSWebhook"], + "nullable": false, + "type": "string" + }, + "url": { "description": "Webhook URL", "type": "string" }, + "vendorCreatedTimestamp": { + "description": "Webhook creation date", + "format": "double", + "type": "number" + }, + "webhookType": { "description": "Webhook type", "type": "string" }, + "workspaceId": { + "description": "VCS workspace/integration ID", + "type": "string" + } + }, + "required": [ + "id", + "type", + "customerName", + "name", + "timestamp", + "url", + "domain", + "webhookType", + "triggers" + ], + "type": "object" + }, + "Insight": { + "additionalProperties": false, + "properties": { + "isVerified": { "type": "boolean" }, + "labels": { + "items": { "$ref": "#/components/schemas/Labels" }, + "type": "array" + }, + "owner": { "type": "string" }, + "stars": { "format": "double", "type": "number" }, + "usage": { "format": "double", "type": "number" } + }, + "required": ["labels", "stars", "usage", "owner"], + "type": "object" + }, + "Labels": { + "additionalProperties": false, + "properties": { + "id": { "format": "double", "type": "number" }, + "name": { "type": "string" }, + "tooltip": { "type": "string" } + }, + "required": ["id", "name", "tooltip"], + "type": "object" + }, + "ParsedInventory": { + "additionalProperties": false, + "properties": { + "appName": { "description": "Pipeline tool name", "type": "string" }, + "description": { + "description": "Pipeline tool description", + "type": "string" + }, + "executables": { + "description": "Pipeline tool executables", + "items": { "$ref": "#/components/schemas/Executable" }, + "type": "array" + }, + "link": { "description": "Pipeline tool link", "type": "string" }, + "logo": { "type": "string" }, + "sources": { + "description": "Pipeline tool sources", + "items": { + "properties": { + "arguments": { + "anyOf": [ + { "items": { "type": "string" }, "type": "array" }, + { + "items": { + "properties": { + "command": { "type": "string" }, + "name": { "type": "string" } + }, + "required": ["command", "name"], + "type": "object" + }, + "type": "array" + } + ], + "description": "Pipeline tool arguments" + }, + "casId": { "type": "string" }, + "filePath": { + "description": "Pipeline tool CI file path", + "type": "string" + }, + "lineNumber": { + "description": "Pipeline tool line number in CI file", + "format": "double", + "type": "number" + }, + "name": { + "description": "Pipeline tool name", + "type": "string" + }, + "repoId": { + "description": "VCS repository ID", + "type": "string" + }, + "workspaceId": { + "description": "VCS workspace/integration ID", + "type": "string" + } + }, + "required": [ + "lineNumber", + "filePath", + "workspaceId", + "casId", + "repoId", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "vendor": { "type": "string" } + }, + "required": [ + "appName", + "vendor", + "description", + "link", + "logo", + "sources" + ], + "type": "object" + }, + "SourceName": { + "enum": [ + "VCS Webhooks", + "VCS App", + "VCS DeployKey", + "CI Credentials", + "CI Plugins", + "CI Files", + "VCS Credentials", + "Pipeline Configurations", + "Pipeline Tools", + "Integrations" + ], + "type": "string" + } + } + }, + "info": { + "contact": {}, + "description": "The Technologies endpoints are listed below.\n", + "title": "Prisma Cloud Technologies API Overview", + "version": "Latest" + }, + "openapi": "3.0.0", + "paths": { + "/code/api/v1/apps-webhooks/apps": { + "get": { + "description": "Get an inventory of third-party applications (apps) found in your organization's version control system (VCS).", + "operationId": "getApps", + "parameters": [], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { "$ref": "#/components/schemas/IVCSInstalledApp" }, + "type": "array" + } + } + }, + "description": "apps" + } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get VCS 3rd Party Apps", + "tags": ["Technologies"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/apps-webhooks/apps\"\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request GET \\\n --url http://undefinedundefined/code/api/v1/apps-webhooks/apps \\\n --header 'authorization: REPLACE_KEY_VALUE'" + } + ] + } + }, + "/code/api/v1/apps-webhooks/webhooks": { + "get": { + "description": "Get an inventory of third-party webhooks found in your organization’s version control system (VCS).", + "operationId": "getWebhooks", + "parameters": [], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { "$ref": "#/components/schemas/IVCSWebhook" }, + "type": "array" + } + } + }, + "description": "webhooks" + } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get VCS 3rd Party Webhooks", + "tags": ["Technologies"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/apps-webhooks/webhooks\"\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request GET \\\n --url http://undefinedundefined/code/api/v1/apps-webhooks/webhooks \\\n --header 'authorization: REPLACE_KEY_VALUE'" + } + ] + } + }, + "/code/api/v1/assets-inventory": { + "get": { + "description": "List all technologies and their sources", + "operationId": "assetsInventoryGetAll", + "parameters": [], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { "$ref": "#/components/schemas/GetResponse" } + } + }, + "description": "Get assets inventory" + }, + "500": { "description": "failed to fetch assets inventory" } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "List Technologies", + "tags": ["Technologies"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/assets-inventory\"\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request GET \\\n --url http://undefinedundefined/code/api/v1/assets-inventory \\\n --header 'authorization: REPLACE_KEY_VALUE'" + } + ] + } + }, + "/code/api/v1/ci-inventory": { + "get": { + "description": "Get an inventory of all third-party services and tools used by an organization’s CI/CD pipeline.", + "operationId": "getCiInventory", + "parameters": [], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "items": { "$ref": "#/components/schemas/ParsedInventory" }, + "type": "array" + } + } + }, + "description": "pipeline tools" + } + }, + "security": [{ "CustomAuthorizer": [] }], + "summary": "Get Pipeline Tools", + "tags": ["Technologies"], + "x-codeSamples": [ + { + "lang": "Python + Requests", + "source": "import requests\n\nurl = \"http://undefinedundefined/code/api/v1/ci-inventory\"\n\nheaders = {\"authorization\": \"REPLACE_KEY_VALUE\"}\n\nresponse = requests.request(\"GET\", url, headers=headers)\n\nprint(response.text)" + }, + { + "lang": "Shell + Curl", + "source": "curl --request GET \\\n --url http://undefinedundefined/code/api/v1/ci-inventory \\\n --header 'authorization: REPLACE_KEY_VALUE'" + } + ] + } + } + }, + "servers": null, + "tags": [{ "name": "Technologies" }] +} diff --git a/openapi-specs/compute/32-05/desc/SCAP/get.md b/openapi-specs/compute/32-05/desc/SCAP/get.md new file mode 100644 index 000000000..a25abe94e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/SCAP/get.md @@ -0,0 +1,11 @@ +This endpoint will return any SCAP datastreams uploaded to the console. This endpoint will return a 404 error if you have not configured your console to consume SCAP datastreams. + +The following is an example curl command that uses basic auth to retrieve any uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/scap +``` diff --git a/openapi-specs/compute/32-05/desc/SCAP/id_delete.md b/openapi-specs/compute/32-05/desc/SCAP/id_delete.md new file mode 100644 index 000000000..39f1b0132 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/SCAP/id_delete.md @@ -0,0 +1,11 @@ +This endpoint will delete any SCAP datastreams uploaded to the console. You can find `xml_name` from the `GET /api/v1/scap` endpoint. + +The following is an example curl command that uses basic auth to delete an uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/scap/{xml_name} +``` diff --git a/openapi-specs/compute/32-05/desc/SCAP/post.md b/openapi-specs/compute/32-05/desc/SCAP/post.md new file mode 100644 index 000000000..d459a0e97 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/SCAP/post.md @@ -0,0 +1,12 @@ +This endpoint will allow you to add a SCAP datastream to the console. + +The following is an example curl command that uses basic auth to add an uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"XMLName":{"Space":"","Local":""}}' \ + https://:8083/api/v1/scap +``` diff --git a/openapi-specs/compute/32-05/desc/SCAP/scap.md b/openapi-specs/compute/32-05/desc/SCAP/scap.md new file mode 100644 index 000000000..7fb3222a8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/SCAP/scap.md @@ -0,0 +1,2 @@ +Import custom security checklists and evaluate them against your container images. +Custom checklists complement the predefined compliance checks provided in the default Prisma Cloud Compute installation. diff --git a/openapi-specs/compute/32-05/desc/_ping/_ping.md b/openapi-specs/compute/32-05/desc/_ping/_ping.md new file mode 100644 index 000000000..3df18386f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/_ping/_ping.md @@ -0,0 +1 @@ +Checks if the Console is alive, responsive, and reachable from your network host. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/_ping/get.md b/openapi-specs/compute/32-05/desc/_ping/get.md new file mode 100644 index 000000000..8e143ef67 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/_ping/get.md @@ -0,0 +1,14 @@ +Checks if Console is reachable from your network host. + +### cURL Request + +Refer to the following cURL example command that pings Console and prints the HTTP response code: + +```bash +$ curl -k \ + -s \ + -o /dev/null \ + -w "%{http_code}\n" \ + -X GET \ + https:///api/v/_ping +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/agentless/agentless.md b/openapi-specs/compute/32-05/desc/agentless/agentless.md new file mode 100644 index 000000000..34aedf7d1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/agentless/agentless.md @@ -0,0 +1,19 @@ +The agentless security scan monitors hosts and containers for vulnerabilities and compliance risks by scanning the root volumes of snapshots without the need to install an agent. +Supported cloud service provider platforms for agentless scanning: +* Hosts - Amazon AWS, Google Cloud Platform, Microsoft Azure, and Oracle Cloud Infrastructure. +* Containers- AWS, Azure, and GCP + +When you add a cloud account in the Prisma Cloud Compute (Manage > Cloud accounts), enable the agentless scan option and configure the scan scope. + +### Authentication + +#### Basic Auth +##### Headers + - Authorization: required (string): Authenticates with the Base64-encoded "username:password" credentials. + +#### JWT Access Token +Use POST, /api/vVERSION/authenticate for authorization +##### Headers + - Authorization: required (string): Authenticates with the Bearer authentication scheme to transmit the access token. + Example: + Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJk………… \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/agentless/get_agentless_progress.md b/openapi-specs/compute/32-05/desc/agentless/get_agentless_progress.md new file mode 100644 index 000000000..b98ed9da5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/agentless/get_agentless_progress.md @@ -0,0 +1,31 @@ +Shows the progress of an ongoing scan on hosts or containers for vulnerabilities and compliance. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + “https:///api/v/agentless/progress” +``` + +### cURL Response + +Refer to the following example cURL response: + +``` +{ + "hostname": "", + "id": "", + "scanTime": "2022-11-09T11:10:51.649Z", + "type": "agentlessHost", + "discovery": true, + "total": 5, + "scanned": 2, + "title": "Agentless discovering" + } +] +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/agentless/post_agentless_scan.md b/openapi-specs/compute/32-05/desc/agentless/post_agentless_scan.md new file mode 100644 index 000000000..f1295cdc4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/agentless/post_agentless_scan.md @@ -0,0 +1,17 @@ +Scans the hosts or containers for vulnerabilities and compliance. + +**Before you begin** +Make sure that you download (use the agentless/templates API) and apply the permission templates in the supported cloud accounts: AWS, Azure, GCP, and OCI. + + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + “https:///api/v/agentless/scan” +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/agentless/post_agentless_stop.md b/openapi-specs/compute/32-05/desc/agentless/post_agentless_stop.md new file mode 100644 index 000000000..ab83960cc --- /dev/null +++ b/openapi-specs/compute/32-05/desc/agentless/post_agentless_stop.md @@ -0,0 +1,13 @@ +Stops an ongoing scan on hosts or containers for vulnerabilities and compliance. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + “https:///api/v/agentless/stop” +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/agentless/post_agentless_templates.md b/openapi-specs/compute/32-05/desc/agentless/post_agentless_templates.md new file mode 100644 index 000000000..96be32555 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/agentless/post_agentless_templates.md @@ -0,0 +1,41 @@ +Downloads a tarball file that contains the agentless resource permission templates for the cloud accounts. Apply these permission templates to complete the onboarding process for agentless scanning. + +* AWS: The tarball contains templates in JSON format ending with the following names: + * _aws_hub_target_user_permissions.json + * _aws_hub_user_permissions.json + * _aws_target_user_permissions.json + +For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide. + +* Azure: Use the following script, that comes bundled in the tarball file, to apply permission template to an Azure cloud account: + * apply_azure_permissions.sh: Run the script with a location (that specifies location of the resource) parameter. For more information on location parameters, see [resource location in ARM template](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-location?tabs=azure-cli). + +* OCI: Use the following script, that comes bundled in the tarball file, to apply permission template to an OCI cloud account: + * pcc-apply-permissions.sh: Run the script with a compartment name parameter. + +* GCP: The tarball contains Jinja templates in YAML format ending with the following names: + * _hub_target_access_permissions.yaml.jinja + * _hub_target_user_permissions.yaml.jinja + * _hub_user_permissions.yaml.jinja + * _target_user_permissions.yaml.jinja + +For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide. + +**Note**: The body parameter `credentialID` is required to download templates in tar.gz format. + +### Before you begin +Add the supported cloud accounts (AWS, Azure, GCP, and OCI) in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -O \ + -d {"credentialID":"aws_docs"} \ + “https:///api/v/agentless/templates” +``` diff --git a/openapi-specs/compute/32-05/desc/alert-profiles/alert-profiles.md b/openapi-specs/compute/32-05/desc/alert-profiles/alert-profiles.md new file mode 100644 index 000000000..a8a915094 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/alert-profiles/alert-profiles.md @@ -0,0 +1,8 @@ +Manage alert profiles, which let you surface critical policy breaches by sending alerts to channels, such as email, Slack, and JIRA. + +Alert profiles define which events should be sent to which channel. +Each profile declares: + +* One or more recipients. +* One or more triggers, that raise alerts by sending messages on the configured channel. + diff --git a/openapi-specs/compute/32-05/desc/alert-profiles/get.md b/openapi-specs/compute/32-05/desc/alert-profiles/get.md new file mode 100644 index 000000000..82647e248 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/alert-profiles/get.md @@ -0,0 +1,11 @@ +Retrieve a list of all alert profiles created in the system. + +The following example curl command uses basic auth to retrieve all alert profiles: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/alert-profiles +``` diff --git a/openapi-specs/compute/32-05/desc/alert-profiles/id_delete.md b/openapi-specs/compute/32-05/desc/alert-profiles/id_delete.md new file mode 100644 index 000000000..1a67fe20e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/alert-profiles/id_delete.md @@ -0,0 +1,14 @@ +Deletes an alert profile entry by name. +In the request payload, specify the alert profile name. +This method has no response data. + +The following example curl command deletes an existing alert profile named `PROFILE-NAME`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/alert-profiles/ +``` + diff --git a/openapi-specs/compute/32-05/desc/alert-profiles/names_get.md b/openapi-specs/compute/32-05/desc/alert-profiles/names_get.md new file mode 100644 index 000000000..cac14437b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/alert-profiles/names_get.md @@ -0,0 +1,20 @@ +Retrieve a list of only the names of all alert profiles created in the system. + +The following example curl command uses basic auth to retrieve all alert profiles' names: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/alert-profiles/names +``` + +Example Response: + +``` +[ + "jira", + "aqsa vulns" +] +``` diff --git a/openapi-specs/compute/32-05/desc/alert-profiles/post.md b/openapi-specs/compute/32-05/desc/alert-profiles/post.md new file mode 100644 index 000000000..9fa643429 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/alert-profiles/post.md @@ -0,0 +1,32 @@ +Update an existing alert profile created in the system. + +The following example curl command uses basic auth to add a Jira Alert profile: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/alert-profiles \ + -d ' { + "name": "jira", + "_id": "jira", + "jira": { + "enabled": true, + "projectKey": "TWIS", + "issueType": "Task", + "priority": "High", + "labels": [], + "assignee": "" + } + "policy": { + "cve": { + "enabled": true, + "allRules": true, + "rules": [], + "clients": [ + "jira" + ] + } + } ' +``` diff --git a/openapi-specs/compute/32-05/desc/alert-profiles/test_post.md b/openapi-specs/compute/32-05/desc/alert-profiles/test_post.md new file mode 100644 index 000000000..1fc745efa --- /dev/null +++ b/openapi-specs/compute/32-05/desc/alert-profiles/test_post.md @@ -0,0 +1,14 @@ +Sends a test alert to verify successful configuration of the alert profile settings. + +The following example curl command uses basic auth to send test alert for an email alert profile: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d + https://:8083/api/v1/alert-profiles/test +``` + +In this case, the `REQUEST-PAYLOAD` would be the full JSON formatted alert profile from the base `GET` command diff --git a/openapi-specs/compute/32-05/desc/api_restrictions.md b/openapi-specs/compute/32-05/desc/api_restrictions.md new file mode 100644 index 000000000..1b7b00515 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/api_restrictions.md @@ -0,0 +1,8 @@ +Paginated API requests are capped to a max of 50 returned objects because very large responses could DoS Console. + +If the response contains more than 50 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. +For example: + +``` +https:///api/v1/images?limit=50&offset=X +``` diff --git a/openapi-specs/compute/32-05/desc/application-control/application-control.md b/openapi-specs/compute/32-05/desc/application-control/application-control.md new file mode 100644 index 000000000..11b8e0d9d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/application-control/application-control.md @@ -0,0 +1 @@ +Prisma Cloud Compute creates and stores host application rules for your environment. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/application-control/get.md b/openapi-specs/compute/32-05/desc/application-control/get.md new file mode 100644 index 000000000..5bd600beb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/application-control/get.md @@ -0,0 +1,11 @@ +Retrieves the host application control rules. + +The following example curl command uses basic auth to retrieve the control rules: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + “https:///api/v/application-control/host” +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/application-control/id_delete.md b/openapi-specs/compute/32-05/desc/application-control/id_delete.md new file mode 100644 index 000000000..9b636266d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/application-control/id_delete.md @@ -0,0 +1 @@ +Removes the given rule from the list of host application control rules. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/application-control/put.md b/openapi-specs/compute/32-05/desc/application-control/put.md new file mode 100644 index 000000000..adf1a8a4c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/application-control/put.md @@ -0,0 +1 @@ + Update and inserts the host application control rule to the database and returns the upserted rule. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/access_delete.md b/openapi-specs/compute/32-05/desc/audits/access_delete.md new file mode 100644 index 000000000..37f33ca64 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/access_delete.md @@ -0,0 +1,10 @@ +Deletes **all** access audits. This deletion cannot be undone. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://console:8083/api/v1/audits/access +``` diff --git a/openapi-specs/compute/32-05/desc/audits/access_download_get.md b/openapi-specs/compute/32-05/desc/audits/access_download_get.md new file mode 100644 index 000000000..1700deb8d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/access_download_get.md @@ -0,0 +1,12 @@ +Returns the docker access audit events data in CSV format that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute. + +**Note**: You can download the access events from Console under **Monitor > Events > Docker audits > Download CSV**. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -O \ + "https:///api/v/audits/access/download?type=docker" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/access_filters_get.md b/openapi-specs/compute/32-05/desc/audits/access_filters_get.md new file mode 100644 index 000000000..00ac061c1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/access_filters_get.md @@ -0,0 +1,37 @@ +Retrieves all access audits by specific host filters. +There are three types of host filters based on host history, sudo events on host and SSHD events on hosts. + +The following example uses basic auth to list history of commands that are run on hosts protected by Prisma Cloud Compute. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/history/host +``` + +The following command gives list of sudo events on hosts. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/audits/access/filters?type=sudo + +``` + +The following command gives list of SSHD events on hosts. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/audits/access/filters?type=sshd + +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/access_get.md b/openapi-specs/compute/32-05/desc/audits/access_get.md new file mode 100644 index 000000000..2401391c7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/access_get.md @@ -0,0 +1,43 @@ +Retrieves all docker access audit events that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute. + +You can configure Prisma Cloud Compute to log and aggregate events such as sudo and SSH access on hosts protected by Defender. These events create an audit trail that tracks system components accessed by individual users. + +**Note**: Access events can also be viewed in Console under **Monitor > Events > Docker audits**. + +### cURL Request +Refer to the following example cURL command that gives a list of all access audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/access" +``` + +### cURL response +``` +[ + { + "containerName": "/compliance_block_container_photon_fua", + "imageName": "alpine:latest", + "user": "", + "time": "2022-11-08T18:24:09.249Z", + "hostname": "jen-photon-v3-0811t165215-cont-def-pre-lngcon230", + "fqdn": "", + "sourceIP": "", + "allow": false, + "ruleName": "compliance_block_container_rule_svn", + "api": "create", + "msg": "[Twistlock] Container operation blocked by policy: compliance_block_container_rule_svn, has 1 compliance issues ", + "collections": [ + "All", + "compliance_block_container_yue" + ], + "accountID": "twistlock-test-123456", + "cluster": "", + "namespace": "" + } +... +] +``` diff --git a/openapi-specs/compute/32-05/desc/audits/admission_download_get.md b/openapi-specs/compute/32-05/desc/audits/admission_download_get.md new file mode 100644 index 000000000..9571c483f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/admission_download_get.md @@ -0,0 +1,14 @@ +Returns the access admission events data in CSV format that were alerted or blocked by Defender functioning as Open Policy Agent admission controller. + +### cURL Request +Refer to the following example cURL command that downloads the admission audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/admission/download" + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/admission_get.md b/openapi-specs/compute/32-05/desc/audits/admission_get.md new file mode 100644 index 000000000..84414496c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/admission_get.md @@ -0,0 +1,44 @@ +Returns all activities that were alerted or blocked by Defender functioning as Open Policy Agent admission controller. + +### cURL Request +Refer to the following example cURL command that gives a list of all admission audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/admission" + +``` +### cURL response + +``` +{ + "time": "2022-11-24T13:46:37.057Z", + "ruleName": "Twistlock Labs - CIS - Pod created in host process ID namespace", + "message": "Pod created in host process ID namespace", + "operation": "CREATE", + "kind": "Pod", + "resource": "pods", + "username": "kubernetes-admin", + "userUid": "aws-iam-authenticator:496947949261:AIDAXHNDH53GRQMZMIOQT", + "userGroups": "system:masters, system:authenticated", + "namespace": "default", + "effect": "alert", + "rawRequest": "{\"uid\":\"78d11e35-14ab-4b19-b3d3-a97b4252b56f\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx2\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"uid\":... + ... + ... + ... +}”, + "accountID": "496947949261", + "collections": [ + "All" + ], + "cluster": "johndoe-eks-123", + "attackTechniques": [ + "privilegedContainer" + ] +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/audits.md b/openapi-specs/compute/32-05/desc/audits/audits.md new file mode 100644 index 000000000..3597546d6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/audits.md @@ -0,0 +1,16 @@ +Retrieve audits from the Prisma Cloud Compute database. +Prisma Cloud Compute creates and stores audit events for the components that are associated with a policy (rule) and shows deviation from that policy. +Endpoints support a wide range of filtering options. + +### Authentication + +#### Basic Auth +##### Headers + - Authorization: required (string): Authenticates with the Base64-encoded "username:password" credentials. + +#### JWT Access Token +Use POST, /api/vVERSION/authenticate for authorization +##### Headers + - Authorization: required (string): Authenticates with the Bearer authentication scheme to transmit the access token. + Example: + Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJk………… \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/firewall_network_container_download_get.md b/openapi-specs/compute/32-05/desc/audits/firewall_network_container_download_get.md new file mode 100644 index 000000000..29029ac6d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/firewall_network_container_download_get.md @@ -0,0 +1,21 @@ +Returns the Cloud Native Network Segmentation (CNNS) container audit events data in CSV format. + +For more information, see the [Cloud Native Network Segmentation (CNNS)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/firewalls/cnns_saas) + +For containers, rules are defined between: +* Image to image. +* Image to Image to an external network not protected by Prisma Cloud. +* Image to DNS domain. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/network/container/download" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/firewall_network_container_get.md b/openapi-specs/compute/32-05/desc/audits/firewall_network_container_get.md new file mode 100644 index 000000000..454558a44 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/firewall_network_container_get.md @@ -0,0 +1,64 @@ +Retrieves all Cloud Native Network Segmentation (CNNS) container audit events. + +For more information, see the [Cloud Native Network Segmentation (CNNS)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/firewalls/cnns_saas) + +For containers, rules are defined between: +* Image to image. +* Image to an external network not protected by Prisma Cloud. +* Image to DNS domain. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/network/container" +``` + +### cURL Response + +``` +{ + "_id": "localhost", + "time": "2022-11-14T11:02:43.151Z", + "total": 1, + "resource": { + "images": [ + "" + ] + }, + "collections": [ + "All", + "user123" + ], + "audits": { + "unexpectedConnection": { + "count": 1, + "audits": [ + { + "ruleID": 4, + "time": "2022-11-14T11:02:43.151Z", + "type": "unexpectedConnection", + "srcProfileID": "sha256:8d5df41c547bd107c14368ad302efc46760940ae188df451cabc23e10f7f161b_user_tkgi-users", + "dstProfileID": "20", + "srcProfileHash": 228, + "srcContainerName": "users-ubuntu", + "dstContainerName": "", + "dstSubnet": "localhost", + "srcImageName": "docker.io/library/ubuntu:18.04", + "dstImageName": "", + "dstPort": 8000, + "block": false, + "count": 1, + "msg": "Unexpected connection to ip 127.0.0.1" + } + ] + } + } + } + +``` diff --git a/openapi-specs/compute/32-05/desc/audits/firewall_network_host_download_get.md b/openapi-specs/compute/32-05/desc/audits/firewall_network_host_download_get.md new file mode 100644 index 000000000..768dd00d7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/firewall_network_host_download_get.md @@ -0,0 +1,19 @@ +Returns the Cloud Native Network Segmentation (CNNS) host audit events data in CSV format. + +For hosts, rules are defined between: +* Host to host. +* Host to an external network not protected by Prisma Cloud. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/network/host/download" +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/firewall_network_host_get.md b/openapi-specs/compute/32-05/desc/audits/firewall_network_host_get.md new file mode 100644 index 000000000..e5dc4c399 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/firewall_network_host_get.md @@ -0,0 +1,96 @@ +Retrieves all Cloud Native Network Segmentation (CNNS) host audits. + +For hosts, rules are defined between: +* Host to host. +* Host to an external network not protected by Prisma Cloud + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/network/host" +``` + +### cURL Response + +``` +{ + "_id": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "time": "2022-11-08T20:22:52.207Z", + "total": 4, + "resource": { + "hosts": [ + "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "john-photon-v3-0811t165011-host-def-pre-lngcon230" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "collections": [ + "All", + "registry_scan_container_cen8-container_22_11_384_piu", + "photon-v3-host_crn", + "compliance_photon_etz", + "cnnf_cen8_client_itu", + "cnnf_photon_server_fsr" + ], + "audits": { + "unexpectedConnection": { + "count": 4, + "audits": [ + { + "ruleID": 15, + "time": "2022-11-08T20:22:52.207Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:48.175Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:46.127Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:45.122Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + } + ] + } + } + } + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/incidents_archive_patch.md b/openapi-specs/compute/32-05/desc/audits/incidents_archive_patch.md new file mode 100644 index 000000000..a1127a001 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/incidents_archive_patch.md @@ -0,0 +1,18 @@ +Acknowledges an incident and moves it to an archived state. +Requires a path parameter: id, an Incident ID + +You can get an incident ID from the list of incidents using the endpoint GET /api/vVERSION/audits/incidents. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PATCH \ + -d {"acknowledged":true} \ + "https:///api/v/audits/incidents/acknowledge/637627beb2a8e98a1c36a9db" + +``` +To undo this action (unarchive an incident), set the body parameter "acknowledged": false \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/incidents_download_get.md b/openapi-specs/compute/32-05/desc/audits/incidents_download_get.md new file mode 100644 index 000000000..2266c3471 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/incidents_download_get.md @@ -0,0 +1,20 @@ +Downloads a list of incidents which are not acknowledged (i.e., not in archived state) in CSV format. +Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. +These chains of related audits are called incidents. + +This endpoint maps to the **CSV** hyperlink in **Monitor > Runtime > Incident explorer** in the Console UI. + +### cURL Request + +The following cURL command downloads all incidents and saves the result in a CSV file called `incidents.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o incidents.csv \ + https:///api/v/audits/incidents/download +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/audits/incidents_filters_get.md b/openapi-specs/compute/32-05/desc/audits/incidents_filters_get.md new file mode 100644 index 000000000..7d1c6f303 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/incidents_filters_get.md @@ -0,0 +1,15 @@ +This endpoint lists the incident categories found in your environment. + +The following example lists incident filters. + +```bash +$ curl -k \ + -u \ + https://console:8083/api/v1/audits/incidents/filters +``` + +Response: + +``` +{"hostname":["aqsa-lab.internal"],"category":["hijackedProcess","dataExfiltration"]} +``` diff --git a/openapi-specs/compute/32-05/desc/audits/incidents_get.md b/openapi-specs/compute/32-05/desc/audits/incidents_get.md new file mode 100644 index 000000000..7724a08c1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/incidents_get.md @@ -0,0 +1,19 @@ +Retrieves a list of incidents that are not acknowledged (i.e., not in archived state). +Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. +These chains of related audits are called incidents. + +This endpoint maps to the table in **Monitor > Runtime > Incident explorer** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of unacknowledged incidents (not in the archived state): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/incidents?acknowledged=false" +``` + +A successful response returns the incidents. diff --git a/openapi-specs/compute/32-05/desc/audits/kubernetes_download_get.md b/openapi-specs/compute/32-05/desc/audits/kubernetes_download_get.md new file mode 100644 index 000000000..6008bd92a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/kubernetes_download_get.md @@ -0,0 +1,17 @@ +Returns the audit events data that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes** in CSV format. + +**Note:** This endpoint relates to the **Monitor > Events > Kubernetes** audits in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/kubernetes/download" +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/kubernetes_get.md b/openapi-specs/compute/32-05/desc/audits/kubernetes_get.md new file mode 100644 index 000000000..e1ecb8a88 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/kubernetes_get.md @@ -0,0 +1,55 @@ +Retrieves events that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes**. + +**Note:** This endpoint relates to the **Monitor > Events > Kubernetes** audits in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/kubernetes" +``` + +### cURL Response + +``` +{ + "time": "2022-11-23T16:20:20.383Z", + "verb": "io.k8s.core.v1.pods.exec.create", + "user": { + "username": "johndoe@paloaltonetworks.com" + }, + "authorizationInfo": { + "authorization.k8s.io/decision": "allow", + "authorization.k8s.io/reason": "access granted by IAM permissions.", + "failed-open.validating.webhook.admission.k8s.io/round_0_index_0": "validating-webhook.twistlock.com" + }, + "message": "Exec or attach to a pod detected on GKE", + "sourceIPs": [ + "private" + ], + "resources": "core/v1/namespaces/default/pods/test-pd/exec", + ... + ... + ..., + "attackTechniques": [ + "execIntoContainer" + ], + "cluster": "johndoe-gke-9916911d51921853", + "accountID": "twistlock-test-247119", + "provider": "gcp", + "collections": [ + "All", + "user1", + "tv test", + "tv test2" + ] + } + + +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/mgmt_download_get.md b/openapi-specs/compute/32-05/desc/audits/mgmt_download_get.md new file mode 100644 index 000000000..ae3ef45b6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/mgmt_download_get.md @@ -0,0 +1,19 @@ +Returns the management audit events data in CSV format. + +Management audits are: +* Changes to any settings (including previous and new values) +* Changes to any rules (create, modify, or delete) +* Logon activities (success and failure) + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/mgmt/download" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/mgmt_filters_get.md b/openapi-specs/compute/32-05/desc/audits/mgmt_filters_get.md new file mode 100644 index 000000000..854977b99 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/mgmt_filters_get.md @@ -0,0 +1,36 @@ +Retrieves a list of management audit types from your environment. +Use these filters to query management audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/mgmt/filters" +``` +### cURL Response + +``` +{ + "type": [ + "group", + "login", + "role", + "rule", + "settings", + "user" + ], + "username": [ + "admin2", + "ReadOnly", + "admin", + "ci", + "development-user" + ] +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/mgmt_get.md b/openapi-specs/compute/32-05/desc/audits/mgmt_get.md new file mode 100644 index 000000000..5b586cb5e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/mgmt_get.md @@ -0,0 +1,35 @@ +Retrieves a list of all management audit events. + +Management audit events are: +* Changes to any settings (including previous and new values) +* Changes to any rules (create, modify, or delete) +* Logon activities (success and failure) + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/mgmt" +``` + +### cURL Response + +``` +{ + "username": "user", + "sourceIP": "10.47.99.218", + "time": "2022-11-22T03:11:15.39Z", + "type": "login", + "diff": "", + "status": "successful login attempt", + "failure": false, + "api": "/api/v1/authenticate" + } + + +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_app_embedded_download_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_app_embedded_download_get.md new file mode 100644 index 000000000..f3d844ead --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_app_embedded_download_get.md @@ -0,0 +1,14 @@ +Returns the app-embedded runtime audit events data in CSV format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/app-embedded/download" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_app_embedded_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_app_embedded_get.md new file mode 100644 index 000000000..c1d72acfa --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_app_embedded_get.md @@ -0,0 +1,48 @@ +Retrieves all app-embedded runtime audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/app-embedded" +``` + +### cURL Response + +``` +{ + "_id": "636be11d2408ed63b48ebd44", + "time": "2022-11-09T17:19:25.12Z", + "hostname": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd", + "fqdn": "", + "user": "root", + "type": "network", + "imageName": "automation_azure_presetup-prevent-tvzwx", + "imageId": "b446aac9-6ee0-f254-ff75-cb21755cebdb", + "effect": "prevent", + "ruleName": "automation_azure_presetup-prevent-tvzwx_wul", + "msg": "DNS resolution of domain name SandboxHost-638036111205626034 triggered by /usr/local/bin/python3.9 explicitly denied by a runtime rule", + "profileId": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd_", + "pid": 28, + "processPath": "/usr/local/bin/python3.9", + "collections": [ + "All", + "automation_azure_presetup-prevent-tvzwx_dde" + ], + "attackType": "explicitlyDeniedDNS", + "count": 1, + "severity": "high", + "appID": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd", + "version": "22.11.384", + "accountID": "Non-onboarded cloud accounts" +} +... +... +... + +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_container_delete.md b/openapi-specs/compute/32-05/desc/audits/runtime_container_delete.md new file mode 100644 index 000000000..ddc8e82d6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_container_delete.md @@ -0,0 +1,11 @@ +Deletes all container runtime audits. + +The following example curl command uses basic auth to delete all the audits: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/container +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_container_download_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_container_download_get.md new file mode 100644 index 000000000..20e673b5e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_container_download_get.md @@ -0,0 +1,15 @@ +Returns the container audit events data in CSV format when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/container/download" + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_container_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_container_get.md new file mode 100644 index 000000000..11beffb24 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_container_get.md @@ -0,0 +1,60 @@ +Retrieves all container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/container" +``` +### cURL Response + +``` +{ + "os": "Ubuntu 20.04.4 LTS", + "_id": "636a952a5a293a6ea06cbb87", + "time": "2022-11-08T17:43:06.68Z", + "hostname": "jen-sle15-dock-0811t165158-cont-def-pre-lngcon230.c.twistlock-test-247119.internal", + "fqdn": "", + "user": "root", + "type": "processes", + "containerId": "6d5b5401b0e406ad064e7020b663236d0df177fa7f4a060c2f21262c27a4a6b2", + "containerName": "/runtime-wf-base-alert", + "imageName": "usertwistlock/ubuntu:wf-base", + "imageId": "sha256:76913b92c0cbacbec7440a62d751c0a38aba1dde6aefe9e832d2a3aa0a3c3f9f", + "effect": "alert", + "ruleName": "sle15-container_alert_usertwistlock/ubuntu:wf-base_mqu", + "msg": "/usr/bin/dash launched but is not found in the runtime model. Full command: /bin/sh -c sleep 3; curl http://169.254.169.254:80", + "profileId": "sha256:76913b92c0cbacbec7440a62d751c0a38aba1dde6aefe9e832d2a3aa0a3c3f9f__", + "interactive": true, + "pid": 1955, + "processPath": "/usr/bin/dash", + "collections": [ + "All", + "Prisma Cloud resources", + "registry_scan_container_sle15-container_22_11_384_ghf", + "sle15-container_alert_cnd" + ], + "attackType": "unexpectedProcess", + "count": 1, + "container": true, + "severity": "high", + "region": "us-central1-a", + "accountID": "twistlock-test-247119", + "attackTechniques": [ + "nativeBinaryExecution" + ], + "command": "/bin/sh -c sleep 3; curl http://169.254.169.253:80", + "provider": "gcp" + } +... +... +... + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_container_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_container_timeslice_get.md new file mode 100644 index 000000000..f65d477af --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_container_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves the container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/container/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 87 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_file-integrity_download_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_file-integrity_download_get.md new file mode 100644 index 000000000..99ec70c52 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_file-integrity_download_get.md @@ -0,0 +1,14 @@ +Returns the audit events data in CSV format for file-integrity checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/file-integrity/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_file-integrity_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_file-integrity_get.md new file mode 100644 index 000000000..53fec9f9f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_file-integrity_get.md @@ -0,0 +1,41 @@ +Retrieves all audit events for file-integrity checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/file-integrity" +``` +### cURL Response + +``` +{ + "_id": "63762bc3b2a8e98a1c36a9e6", + "eventType": "read", + "path": "/etc/user/user", + "fileType": 2, + "processName": "cat", + "user": "ubuntu", + "time": "2022-11-17T12:40:35.046Z", + "description": "Process cat read from path (user: ubuntu)", + "hostname": "ip-172-31-9-109.ec2.internal", + "fqdn": "", + "ruleName": "user-host-arm", + "accountID": "496947949261", + "collections": [ + "All", + "waas_oob_collection", + "user123" + ], + "cluster": "" +} +... +... +... + +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_host_delete.md b/openapi-specs/compute/32-05/desc/audits/runtime_host_delete.md new file mode 100644 index 000000000..0ab1c877e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_host_delete.md @@ -0,0 +1,10 @@ +Deletes all host audits from the database. + +The following example curl command uses basic auth to delete all host audits: + +```bash +$ curl -k \ + -u \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/host +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_host_download_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_host_download_get.md new file mode 100644 index 000000000..4d0454f56 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_host_download_get.md @@ -0,0 +1,15 @@ +Returns the runtime host audit events data in CSV format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/host/download" +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_host_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_host_get.md new file mode 100644 index 000000000..044b8b42d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_host_get.md @@ -0,0 +1,45 @@ +Retrieves the runtime host audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/host" +``` +### cURL Response + +``` +{ + "_id": "637628beb2a8e98a1c36a9e1", + "time": "2022-11-17T12:27:42.003Z", + "hostname": "ip-172-31-9-109.ec2.internal", + "fqdn": "", + "type": "network", + "effect": "alert", + "ruleName": "user-host-arm", + "msg": "DNS resolution of name www.yahoo.com, type AAAA explicitly denied by a runtime rule", + "profileId": "ip-172-31-9-109.ec2.internal", + "collections": [ + "All", + "waas_oob_collection", + "user123" + ], + "attackType": "explicitlyDeniedDNS", + "count": 1, + "severity": "high", + "region": "us-east-1", + "accountID": "496947949261", + "domain": "www.yahoo.com", + "provider": "aws", + "resourceID": "i-0bc31d26963bd2933" +} +... +... +... + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_host_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_host_timeslice_get.md new file mode 100644 index 000000000..8933efa74 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_host_timeslice_get.md @@ -0,0 +1,40 @@ +Retrieves the runtime host audit events for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/host/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-11-12T15:23:57Z", + "end": "2022-11-13T15:23:57Z", + "count": 2 +}, +{ + "start": "2022-11-13T15:23:57Z", + "end": "2022-11-14T15:23:57Z", + "count": 1 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_log-inspection_download_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_log-inspection_download_get.md new file mode 100644 index 000000000..f047ed96f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_log-inspection_download_get.md @@ -0,0 +1,15 @@ +Returns the audit events data in CSV format for log inspection checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/incidents/runtime/log-inspection/download" +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_log-inspection_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_log-inspection_get.md new file mode 100644 index 000000000..49f0d7be4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_log-inspection_get.md @@ -0,0 +1,34 @@ +Retrieves all audit events for log inspection checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/log-inspection" +``` + +### cURL Response + +``` +{ + "_id": "637639e2b962a7ae744851bf", + "logfile": "/var/lib/twistlock/log/console.log", + "line": "DEBU 2022-11-17T13:40:50.066 route_handler_middleware.go:507 GET /api/v1/audits/runtime/log-inspection?limit=20&offset=0&project=Central+Console&reverse=false&search=panic ssugandh admin 0.10s", + "time": "2022-11-17T13:40:50.067Z", + "hostname": "jen-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "ruleName": "panic_error_log", + "accountID": "twistlock-test-247119", + "collections": [ + "All", + "registry_scan_container_cen8-container_22_11_384_piu", + "cnnf_cen8_client_itu" + ], + "cluster": "" +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_rasp_delete.md b/openapi-specs/compute/32-05/desc/audits/runtime_rasp_delete.md new file mode 100644 index 000000000..688e04038 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_rasp_delete.md @@ -0,0 +1,9 @@ +Deletes all RASP Defender runtime audits. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/rasp +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_rasp_download_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_rasp_download_get.md new file mode 100644 index 000000000..303c75858 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_rasp_download_get.md @@ -0,0 +1,10 @@ +Returns CSV data describing all RASP Defender runtime events. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o rasp-audits.csv + https://:8083/api/v1/audits/runtime/rasp/download +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_rasp_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_rasp_get.md new file mode 100644 index 000000000..229d908b1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_rasp_get.md @@ -0,0 +1,9 @@ +Returns JSON data describing all RASP Defender runtime events. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/audits/runtime/rasp/download +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_serverless_delete.md b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_delete.md new file mode 100644 index 000000000..99ada0515 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_delete.md @@ -0,0 +1,13 @@ +This endpoint will delete all serverless runtime audits. + +The following example curl command uses basic auth to delete the current audits: + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/serverless +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_serverless_download_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_download_get.md new file mode 100644 index 000000000..f829d2342 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_download_get.md @@ -0,0 +1,14 @@ +Returns the scan audit events data in CSV format for any configured serverless functions in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/serverless/download" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_serverless_filters_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_filters_get.md new file mode 100644 index 000000000..b9bf38610 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_filters_get.md @@ -0,0 +1,11 @@ +Returns all serverless filters in JSON format. +These filters can be used in the base `GET` request as query parameters. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://CONSOLE_ADDRESS:PORT/api/v1/audits/runtime/serverless/filters +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_serverless_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_get.md new file mode 100644 index 000000000..045946886 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_get.md @@ -0,0 +1,31 @@ +Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/serverless" +``` +### cURL Response + +``` +{ + "time": "2022-11-22T12:27:19.329Z", + "fqdn": "", + "type": "", + "effect": "", + "ruleName": "", + "msg": "C:\\home\\xmrig launched by C:\\Windows\\system32\\inetsrv\\w3wp.exe and is identified as a crypto miner. Full command: \"C:\\home\\xmrig\" /I windows C:\\Windows\\*", + "count": 1, + "function": "Test44", + "region": "Central US", + "runtime": "dotnet", + "provider": "azure" +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/runtime_serverless_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_timeslice_get.md new file mode 100644 index 000000000..863890174 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/runtime_serverless_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/serverless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-10-23T06:35:50.254Z", + "end": "2022-10-24T04:58:47.103Z", + "count": 4 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/trust_delete.md b/openapi-specs/compute/32-05/desc/audits/trust_delete.md new file mode 100644 index 000000000..0bfb2bd81 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/trust_delete.md @@ -0,0 +1,9 @@ +Deletes all the trust audits from the events page in Console. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/trust +``` diff --git a/openapi-specs/compute/32-05/desc/audits/trust_download_get.md b/openapi-specs/compute/32-05/desc/audits/trust_download_get.md new file mode 100644 index 000000000..21c0e55a2 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/trust_download_get.md @@ -0,0 +1,14 @@ +Returns the trust audit events data in CSV format. + + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/trust/download" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/trust_get.md b/openapi-specs/compute/32-05/desc/audits/trust_get.md new file mode 100644 index 000000000..8fb3a341d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/trust_get.md @@ -0,0 +1,103 @@ +Retrieves all the trust audit events. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/trust" +``` +### cURL Response + +``` +{ + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:06.793Z", + "total": 7, + "resource": { + "images": [ + "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0" + ], + "accountIDs": [ + "twistlock-test-247119" + ], + "clusters": [ + "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + ] + }, + "collections": [ + "All" + ], + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392", + "audits": { + "untrusted": { + "count": 7, + "audits": [ + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:06.793Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:04.922Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0", + "imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:00:02.682Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:00:00.733Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0", + "imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T17:45:14.196Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + } + ] + } + } + } +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/waas_agentless_download_get.md b/openapi-specs/compute/32-05/desc/audits/waas_agentless_download_get.md new file mode 100644 index 000000000..bbfcd12f5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_agentless_download_get.md @@ -0,0 +1,16 @@ +Returns the agentless Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Agentless > Agentless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all agentless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/agentless/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/waas_agentless_get.md b/openapi-specs/compute/32-05/desc/audits/waas_agentless_get.md new file mode 100644 index 000000000..ad40ae497 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_agentless_get.md @@ -0,0 +1,44 @@ +Retrieves all agentless Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Agentless > Agentless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all agentless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/agentless" +``` + +### cURL Response + +``` +{ + "_id": "", + "time": "0001-01-01T00:00:00Z", + "hostname": "", + "fqdn": "", + "effect": "", + "ruleName": "", + "ruleAppID": "", + "msg": "", + "host": false, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "customRule", + "count": 60, + "url": "", + "subnet": "", + "requestHeaders": "", + "attackField": {}, + "eventID": "" +} + +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/waas_agentless_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/waas_agentless_timeslice_get.md new file mode 100644 index 000000000..007c6dba3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_agentless_timeslice_get.md @@ -0,0 +1,36 @@ +Retrieves all agentless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame. + +**Note:** These are based on violations of WAAS policies defined under Defend > WAAS > Agentless > Agentless WAAS Policy. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves all host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/agentless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-22T02:49:23.827Z", + "end": "2022-11-23T01:12:35.884Z", + "count": 69 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_download_get.md b/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_download_get.md new file mode 100644 index 000000000..149c10376 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_download_get.md @@ -0,0 +1,15 @@ +Returns the app-embedded WAAS audit events data in CSV format for the specified query parameters. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/app-embedded/download" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_get.md b/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_get.md new file mode 100644 index 000000000..400fa447d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_get.md @@ -0,0 +1,84 @@ +Returns all app-embedded WAAS audit events for the specified query parameters. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/app-embedded" +``` +### cURL Response + +``` +{ + "_id": "636ab72055e55c25de4702c3", + "time": "2022-11-08T20:08:00Z", + "hostname": "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c", + "fqdn": "", + "effect": "alert", + "ruleName": "waas-mock-service-testing_22_11_384_fargate", + "ruleAppID": "hxrbsrky", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": true, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c", + "type": "lfi", + "count": 1, + "region": "us-east-1", + "version": "22.11.384", + "accountID": "496947949261", + "url": "34.239.179.111:2001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "34.72.93.22", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 34.239.179.111:2001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "34.239.179.111:2001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "waas_collection_fargate_waas-mock-service-testing_22_11_384_zxo" + ], + "resource": { + "appIDs": [ + "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c" + ], + "accountIDs": [ + "496947949261" + ] + }, + "cluster": "automation-fargate-test", + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "8513bd5f-3091-06cf-b856-4d007f11443d", + "provider": "aws" + } + +``` diff --git a/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_timeslice_get.md new file mode 100644 index 000000000..79a60038e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_app_embedded_timeslice_get.md @@ -0,0 +1,34 @@ +Returns the app-embedded WAAS audit buckets based on the query time frame. +Use the UTC time of an audit event to query for a time frame. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request +Refer to the following example cURL command that retrieves the app-embedded WAAS audit buckets of five between 15 Nov. 2022 (15h:23m:57s) and 16 Nov. 2022 (15h:23m:57s): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/app-embedded/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start":"2022-11-12T20:11:57Z", + "end":"2022-11-13T10:35:57Z", + "count":44 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/waas_container_download_get.md b/openapi-specs/compute/32-05/desc/audits/waas_container_download_get.md new file mode 100644 index 000000000..9a5e04fad --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_container_download_get.md @@ -0,0 +1,15 @@ +Returns the container Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +### cURL Request +Refer to the following example cURL command that downloads the WAAS container audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/container/download" +``` diff --git a/openapi-specs/compute/32-05/desc/audits/waas_container_get.md b/openapi-specs/compute/32-05/desc/audits/waas_container_get.md new file mode 100644 index 000000000..ac0df80fd --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_container_get.md @@ -0,0 +1,98 @@ +Retrieves all container Web-Application and API Security (WAAS) audits. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +### cURL Request +Refer to the following example cURL command that retrieves all container WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/container" + +``` + +### cURL Response +``` +{ + "_id": "636aa20ca5eab1d485abc519", + "profileId": "sha256:a9301dac5a66b3f54a324b9ee737c64a1cc68d2186d8082df82755fb6d551a06_waas_k8s-v1-23-13-docker-20-10-21-kube-ssugandh-2b19f07bd1e31534", + "time": "2022-11-08T18:38:04Z", + "hostname": "kube-ssugandh-2b19f07bd1e31534-k8s-worker-1", + "fqdn": "", + "effect": "alert", + "ruleName": "k8s-7878_384_kubernetes", + "ruleAppID": "zhdmrlnr", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": false, + "containerName": "/k8s_mock-web-service-36666_mock-web-service-32001_waas_52d3dccd-44b4-48fa-b149-60835b47c614_0", + "containerId": "22c03ede91779978eb664c03189e3b69432e754b984dd9be203e7567fc6461ba", + "imageName": "doctwistlock/waas-mock-service:latest", + "appID": "", + "type": "lfi", + "count": 1, + "region": "us-central1-a", + "version": "22.11.384", + "accountID": "twistlock-test-247119", + "url": "10.180.31.40:32001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "10.180.31.40", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 10.180.31.40:32001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "10.180.31.40:32001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "Prisma Cloud resources" + ], + "os": "Ubuntu 20.04.5 LTS", + "ns": [ + "waas" + ], + "resource": { + "images": [ + "doctwistlock/waas-mock-service:latest" + ], + "namespaces": [ + "waas" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "cluster": "k8s-v1-23-13-docker-20-10-21-kube-ssugandh-2b19f07bd1e31534", + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "dc2fb804-27b1-40f4-6b73-ae54783c548a", + "provider": "gcp" + }, + ... + ... + ... + +} + +``` diff --git a/openapi-specs/compute/32-05/desc/audits/waas_container_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/waas_container_timeslice_get.md new file mode 100644 index 000000000..a56b4c48f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_container_timeslice_get.md @@ -0,0 +1,34 @@ +Retrieves all container Web-Application and API Security (WAAS) audit events for a specific time frame. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request +Refer to the following example cURL command that retrieves the container WAAS audit buckets of five between 15 Nov. 2022 (15h:23m:57s) and 16 Nov. 2022 (15h:23m:57s):: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/container/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" + +``` + +### cURL Response +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 46 +} + +``` +Response Parameters: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/waas_host_download_get.md b/openapi-specs/compute/32-05/desc/audits/waas_host_download_get.md new file mode 100644 index 000000000..4bc66202b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_host_download_get.md @@ -0,0 +1,16 @@ +Returns the host Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that downloads the host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https://console:8083/api/v/audits/firewall/app/host/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/audits/waas_host_get.md b/openapi-specs/compute/32-05/desc/audits/waas_host_get.md new file mode 100644 index 000000000..14c967594 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_host_get.md @@ -0,0 +1,89 @@ +Retrieves all host Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/host" +``` + +### cURL Response + +``` +{ + "_id": "636ab7190487e34d5461a141", + "profileId": "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal", + "time": "2022-11-08T20:07:53Z", + "hostname": "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal", + "fqdn": "", + "effect": "alert", + "ruleName": "rhe7-host_22_11_384_host", + "ruleAppID": "cggseacq", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": true, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "lfi", + "count": 1, + "region": "us-central1-a", + "version": "22.11.384", + "accountID": "twistlock-test-247119", + "url": "10.181.239.16:2001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "10.180.30.249", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 10.181.239.16:2001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "10.181.239.16:2001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "rhe7-host_mhm", + "compliance_rhe7_hhk", + "waas_collection_host_rhe7-host_22_11_384_hpx" + ], + "resource": { + "hosts": [ + "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "306032c4-2175-6d95-7a2c-c9abacfc9cb6", + "provider": "gcp" + } + +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/waas_host_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/waas_host_timeslice_get.md new file mode 100644 index 000000000..e28ed7b7a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_host_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all host Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves host WAAS audit events for a specific time frame: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/hosttimeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 46 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. diff --git a/openapi-specs/compute/32-05/desc/audits/waas_serverless_download_get.md b/openapi-specs/compute/32-05/desc/audits/waas_serverless_download_get.md new file mode 100644 index 000000000..da05504df --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_serverless_download_get.md @@ -0,0 +1,18 @@ +Returns the serverless function Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that downloads the serverless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/serverless/download" + +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/waas_serverless_get.md b/openapi-specs/compute/32-05/desc/audits/waas_serverless_get.md new file mode 100644 index 000000000..fe482a3f3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_serverless_get.md @@ -0,0 +1,44 @@ +Retrieves all serverless function Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all serverless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/serverless" +``` + +### cURL Response + +``` +{ + "_id": "", + "time": "0001-01-01T00:00:00Z", + "hostname": "", + "fqdn": "", + "effect": "", + "ruleName": "", + "ruleAppID": "", + "msg": "", + "host": false, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "cmdi", + "count": 1, + "url": "", + "subnet": "", + "requestHeaders": "", + "attackField": {}, + "eventID": "" +} + +``` + diff --git a/openapi-specs/compute/32-05/desc/audits/waas_serverless_timeslice_get.md b/openapi-specs/compute/32-05/desc/audits/waas_serverless_timeslice_get.md new file mode 100644 index 000000000..ec9ff3df1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/audits/waas_serverless_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all serverless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame in UTC. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves the serverless WAAS audit events for a : + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/serverless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-21T04:26:58.066Z", + "end": "2022-11-22T02:49:58.549Z", + "count": 1 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the start time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. diff --git a/openapi-specs/compute/32-05/desc/authenticate-client/authenticate-client.md b/openapi-specs/compute/32-05/desc/authenticate-client/authenticate-client.md new file mode 100644 index 000000000..cee2db629 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/authenticate-client/authenticate-client.md @@ -0,0 +1,8 @@ +Retrieves an access token using a client certificate. +Valid tokens are required to access the rest of the Prisma Cloud Compute API. +Use this endpoint if your organization has rolled out multi-factor authentication built on X.509 certificates. + +The API can also be accessed using basic auth. + +* For Prisma Cloud Enterprise Edition (SaaS), see [here](https://prisma.pan.dev/docs/cloud/cwpp/access-api-self-hosted). +* For Prisma Cloud Compute Edition (self-hosted), see [here](https://prisma.pan.dev/docs/cloud/cwpp/access-api-saas). diff --git a/openapi-specs/compute/32-05/desc/authenticate-client/post.md b/openapi-specs/compute/32-05/desc/authenticate-client/post.md new file mode 100644 index 000000000..bc493d04e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/authenticate-client/post.md @@ -0,0 +1,26 @@ +Retrieves an access token using a client certificate. +This endpoint checks the supplied client certificate and authorizes the user based on the username in the certificate's CN or UPN field. + +**Note:** The certificate must be in PEM format, and the certificate file must consist of a client certificate concatenated together with a private key. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X POST \ + --cert \ + https:///api/v/authenticate-client +``` + +### Response + +Refer to the following example cURL response that returns the user's role and an access token that you can use for subsequent API calls: + +```bash +{ + "admin", + "" +} +``` diff --git a/openapi-specs/compute/32-05/desc/authenticate/authenticate.md b/openapi-specs/compute/32-05/desc/authenticate/authenticate.md new file mode 100644 index 000000000..42b5d3e34 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/authenticate/authenticate.md @@ -0,0 +1,4 @@ +Retrieves an access token using your credentials. +Valid tokens are required to access the rest of the Prisma Cloud Compute API. + +**Note:** The Prisma Cloud Compute API can also be accessed using [basic auth](https://docs.twistlock.com/docs/latest/api/access_api.html). diff --git a/openapi-specs/compute/32-05/desc/authenticate/post.md b/openapi-specs/compute/32-05/desc/authenticate/post.md new file mode 100644 index 000000000..cb018de64 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/authenticate/post.md @@ -0,0 +1,29 @@ +Retrieves an access token using your username and password. +By default, access tokens are valid for 30 minutes. +You can set the validity period in Console under **Manage > Authentication > Logon**. + +**Note:** The username and password values are case-sensitive. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -H "Content-Type: application/json" \ + -X POST \ + -d \ +'{ + "username":"admin", + "password":"password" +}' \ + https:///api/v/authenticate +``` + +### Response + +Refer to the following successful example response that returns the access token for use in other API endpoints: + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` diff --git a/openapi-specs/compute/32-05/desc/authenticate/renew_get.md b/openapi-specs/compute/32-05/desc/authenticate/renew_get.md new file mode 100644 index 000000000..6040d58e1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/authenticate/renew_get.md @@ -0,0 +1,20 @@ +Renews an old (unexpired) access token and returns a new token. + +### cURL Request + +The following cURL command retrieves a new access token using an old access token. + +```bash +$ curl -k \ + -H "Authorization: Bearer " \ + https:///api/v1/authenticate/renew +``` + +### Response + +A successful response will return the following response containing the new access token. +This access token replaces the old access token. + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/backups/backups.md b/openapi-specs/compute/32-05/desc/backups/backups.md new file mode 100644 index 000000000..fbeae23cb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/backups/backups.md @@ -0,0 +1 @@ +Manage backup files. diff --git a/openapi-specs/compute/32-05/desc/backups/id_patch.md b/openapi-specs/compute/32-05/desc/backups/id_patch.md new file mode 100644 index 000000000..13f4c416e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/backups/id_patch.md @@ -0,0 +1 @@ +Renames the specified backup file. diff --git a/openapi-specs/compute/32-05/desc/certs/capem_get.md b/openapi-specs/compute/32-05/desc/certs/capem_get.md new file mode 100644 index 000000000..f0f0f1bf3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/certs/capem_get.md @@ -0,0 +1,25 @@ +Retrieves the Base64-encoded SSL root certificate self-signed by primary certificate authority (CA) in PEM format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v1/certs/ca.pem" +``` + +### cURL Response + +``` +-----BEGIN CERTIFICATE----- +MIIDHDCCAgSgAwIBAgIQDBOoX575awe…iQ6j6Icf8NDANBgkqhkiG9w0BAQsFADAo +MRIwEAYDVQQKEwlUd2lzdGxvY2sxEjAQBgNVBAMTCVR3aXN0bG9jazAeFw0yMjEx +MDgxNjA1MDBaFw0yNTExMDrbXDQLhFyPXcFfNgNdEaH +EbVjIec/Frhk0TWIhDDphuwaIz2Qkuj/hIF1rtHhkMFXsYKsUGDcyGKJnEUxz9zR +S4hdrn5QhEh+m+CLzuv+WRV925WJ5rCKYeT9DIhXgEM= +-----END CERTIFICATE----- +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/certs/certs.md b/openapi-specs/compute/32-05/desc/certs/certs.md new file mode 100644 index 000000000..f592f3f58 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/certs/certs.md @@ -0,0 +1,14 @@ +Retrieve and manage the client and server certificates from the Prisma Cloud Compute. + +### Authentication + +#### Basic Auth +##### Headers + - Authorization: required (string): Authenticates with the Base64-encoded "username:password" credentials. + +#### JWT Access Token +Use POST, /api/vVERSION/authenticate for authorization +##### Headers + - Authorization: required (string): Authenticates with the Bearer authentication scheme to transmit the access token. + Example: + Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJk………… diff --git a/openapi-specs/compute/32-05/desc/certs/client-certs_get.md b/openapi-specs/compute/32-05/desc/certs/client-certs_get.md new file mode 100644 index 000000000..d099b3e3d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/certs/client-certs_get.md @@ -0,0 +1,10 @@ +Downloads a script that installs a client certificate, client private key, and certificate authority certificate for the authenticated user. + +The following example curl command uses basic auth to download and run the install script for your client certs: + +```bash +$ curl -k \ + -u \ + -X GET \ + https://:8083/api/v1/certs/client-certs.sh | sh +``` diff --git a/openapi-specs/compute/32-05/desc/certs/server-certs_get.md b/openapi-specs/compute/32-05/desc/certs/server-certs_get.md new file mode 100644 index 000000000..0bb13f51d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/certs/server-certs_get.md @@ -0,0 +1,62 @@ +Retrieves the server certificate bundle from Prisma Cloud Compute that contains a chain of certificates. + +* Certificate Authority (CA) certificate in PEM +* RSA Private Key for server in PEM +* Server certificate in PEM +* Defender CA certificate in PEM +* Defender RSA Private Key for client in PEM +* Defender client certificate in PEM + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -u \ + -X GET \ + "https:///api/v1/certs/server-certs.sh" +``` +### cURL Response + +``` +#!/bin/sh +# Copy Certificate Authority +echo -n "-----BEGIN CERTIFICATE----- +MIIDHDCCAgSgAwIBAgIQDBOoX575aweiQ6j6I…hXgEM= +-----END CERTIFICATE----- +" > ca.pem +# Copy Server key +echo -n "-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,a7a8cbceec7e97d51c04ce03f1b4c4dc +HwlxgvmGJw068VUEletmSSBjE54Q+8BGcWuYc…3PjIj2nuD4PTtOULiuLnAoONb0 +-----END RSA PRIVATE KEY----- +" > server-key.pem +# Copy Server Cert +echo -n "-----BEGIN CERTIFICATE----- +MIIDOjCCAiKgAwIBAgIRAOCRfG1Sot…5SY03wZf20LvAzrLTRLsIAbsivp0Ljmvt +drBPViPXgryvwhpnaxU= +-----END CERTIFICATE----- +" > server-cert.pem +# Copy the defender certificate authority +echo -n "-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIRAMAqTE7/cvmwb…xLx9lzxemN +-----END CERTIFICATE----- +" > defender-ca.pem +# Copy the defender client key +echo -n "-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,ab1bca8bc354c0866cfc26fd946c70b5 + +x1nwAJw5sbjoSL7aUpO3rP8IkMz63X1dD…3k1SVZSph63rRvv6d5O +-----END RSA PRIVATE KEY----- +" > defender-client-key.pem +# Copy the defender client cert +echo -n "-----BEGIN CERTIFICATE----- +MIIDJzCCAg+gAwIBAgIQcb6VdD45Jbla…6kXfxAvSiLTs4mhC1wg68ZSDUQ== +-----END CERTIFICATE----- +" > defender-client-cert.pem + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/cloud/cloud.md b/openapi-specs/compute/32-05/desc/cloud/cloud.md new file mode 100644 index 000000000..4dfd5f087 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/cloud.md @@ -0,0 +1,2 @@ +Find all the cloud-native services being used in your AWS, Azure, and Google Cloud accounts. +Prisma Cloud Compute continuously monitors these accounts, detects when new services are added, and reports which services are unprotected. diff --git a/openapi-specs/compute/32-05/desc/cloud/compliance_download_get.md b/openapi-specs/compute/32-05/desc/cloud/compliance_download_get.md new file mode 100644 index 000000000..7b1ec9fea --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/compliance_download_get.md @@ -0,0 +1,11 @@ +Download all cloud scan data in CSV format. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o cloud-compliance.csv \ + https://:8083/api/v1/cloud/compliance/download +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/compliance_get.md b/openapi-specs/compute/32-05/desc/cloud/compliance_get.md new file mode 100644 index 000000000..48c2fe5bb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/compliance_get.md @@ -0,0 +1,10 @@ +Returns a list of all cloud compliance scan results. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cloud/compliance +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/compliance_scan_post.md b/openapi-specs/compute/32-05/desc/cloud/compliance_scan_post.md new file mode 100644 index 000000000..7f87bf1f4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/compliance_scan_post.md @@ -0,0 +1,10 @@ +Initiates a new cloud compliance scan. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/cloud/compliance/scan +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/compliance_stop_post.md b/openapi-specs/compute/32-05/desc/cloud/compliance_stop_post.md new file mode 100644 index 000000000..df0febb56 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/compliance_stop_post.md @@ -0,0 +1,10 @@ +Terminates a cloud compliance scan that's in progress.. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/cloud/compliance/stop +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/discovery_download_get.md b/openapi-specs/compute/32-05/desc/cloud/discovery_download_get.md new file mode 100644 index 000000000..44d60a113 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/discovery_download_get.md @@ -0,0 +1,14 @@ +Downloads all cloud scan data in a CSV file. + +### cURL Request + +Refer to the following cURL example command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o cloud-discovery.csv \ + https://:8083/api/v/cloud/discovery/download +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/discovery_entities_get.md b/openapi-specs/compute/32-05/desc/cloud/discovery_entities_get.md new file mode 100644 index 000000000..a7abbdfb6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/discovery_entities_get.md @@ -0,0 +1,15 @@ +Returns a list of discovered cloud entities. + +Use this API endpoint along with the `GET, api/vVERSION/cloud/discovery` to get full information about the discovered cloud scan result. + +### cURL Request + +Refer to the following cURL example request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/cloud/discovery/entities" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/cloud/discovery_get.md b/openapi-specs/compute/32-05/desc/cloud/discovery_get.md new file mode 100644 index 000000000..28025f140 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/discovery_get.md @@ -0,0 +1,16 @@ +Returns a list of all cloud discovery scan results in a paginated response. + +The `entities` object and the associated parameters in the response schema is now part of a new API endpoint `/api/v1/cloud/discovery/entities`. + +### cURL Request + +Refer to the following cURL example request: + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/cloud/discovery" +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/discovery_scan_post.md b/openapi-specs/compute/32-05/desc/cloud/discovery_scan_post.md new file mode 100644 index 000000000..51799ebdb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/discovery_scan_post.md @@ -0,0 +1,13 @@ +Initiates a new cloud discovery scan. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v/cloud/discovery/scan +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/discovery_stop_post.md b/openapi-specs/compute/32-05/desc/cloud/discovery_stop_post.md new file mode 100644 index 000000000..6a6c7a5a5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/discovery_stop_post.md @@ -0,0 +1,13 @@ +Terminates a cloud discovery scan that's in progress. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v/cloud/discovery/stop +``` diff --git a/openapi-specs/compute/32-05/desc/cloud/discovery_vms_get.md b/openapi-specs/compute/32-05/desc/cloud/discovery_vms_get.md new file mode 100644 index 000000000..6766f4e5a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cloud/discovery_vms_get.md @@ -0,0 +1,13 @@ +Returns the discovered cloud VM instances. + +### cURL Request + +Refer to the following example cURL command that retrieves all the discovered cloud VM instances: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/cloud/discovery/vms' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/coderepos-ci/post.md b/openapi-specs/compute/32-05/desc/coderepos-ci/post.md new file mode 100644 index 000000000..df608d743 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/coderepos-ci/post.md @@ -0,0 +1,4 @@ +Adds a CI code repository scan result. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. diff --git a/openapi-specs/compute/32-05/desc/coderepos-ci/post_resolve.md b/openapi-specs/compute/32-05/desc/coderepos-ci/post_resolve.md new file mode 100644 index 000000000..493d25834 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/coderepos-ci/post_resolve.md @@ -0,0 +1 @@ +Adds vulnerability data for the given code repository scan result. diff --git a/openapi-specs/compute/32-05/desc/coderepos/coderepos.md b/openapi-specs/compute/32-05/desc/coderepos/coderepos.md new file mode 100644 index 000000000..edd573525 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/coderepos/coderepos.md @@ -0,0 +1 @@ +Scan reports for GitHub code repositories. diff --git a/openapi-specs/compute/32-05/desc/coderepos/download_get.md b/openapi-specs/compute/32-05/desc/coderepos/download_get.md new file mode 100644 index 000000000..4ec0197bb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/coderepos/download_get.md @@ -0,0 +1,18 @@ +Downloads code repository scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Code repositories** in the Console UI. + +### cURL Request + +The following cURL command generates a CSV file containing the reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v1/coderepos/download" \ + > coderepos.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/coderepos/get.md b/openapi-specs/compute/32-05/desc/coderepos/get.md new file mode 100644 index 000000000..54c4e99bf --- /dev/null +++ b/openapi-specs/compute/32-05/desc/coderepos/get.md @@ -0,0 +1,20 @@ +Retrieves all code repository scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the **Code repositories** table in **Monitor > Vulnerabilities > Code repositories** in the Console UI. + +### cURL Request + +The following cURL command retrieves all code repository scan reports. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/coderepos \ +``` + +A successful response returns all code repository scan reports. diff --git a/openapi-specs/compute/32-05/desc/collections/collections.md b/openapi-specs/compute/32-05/desc/collections/collections.md new file mode 100644 index 000000000..ccc5d42d4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/collections/collections.md @@ -0,0 +1,15 @@ +Collections are predefined filters that let you group related resources together. +Resources include things like containers, images, hosts, functions, and clusters. + +Use collections to scope policy rules and segment data/views in the Console UI and the Prisma Cloud API. + + +### Endpoints with a `{id}` URL Parameter + +Some `/collections` endpoints take a URL parameter called `{id}`. +The value for `{id}` should be a collection name. +You can retrieve collection names from the `GET /api/v1/collections` endpoint. +Each collection object in the response has a key called `name`, which can be used for `{id}`. + +**Note:** Spaces are considered [unsafe characters in a URL](https://www.ietf.org/rfc/rfc1738.txt). +If your collection name has a space, encode the space with the value `%20` before passing it as a URL parameter. diff --git a/openapi-specs/compute/32-05/desc/collections/get.md b/openapi-specs/compute/32-05/desc/collections/get.md new file mode 100755 index 000000000..99120d17d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/collections/get.md @@ -0,0 +1,15 @@ +Retrieves a list of all collections. + +This endpoint maps to the table in **Manage > Collections and Tags > Collections** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that returns a list of collections: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/collections' +``` diff --git a/openapi-specs/compute/32-05/desc/collections/name_delete.md b/openapi-specs/compute/32-05/desc/collections/name_delete.md new file mode 100755 index 000000000..3e2debd01 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/collections/name_delete.md @@ -0,0 +1,22 @@ +Deletes a collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. +3. Click the **Delete** button to initiate the deletion. +4. Click the **Delete Collection** button to confirm the deletion. + +### cURL Request + +Refer to the following example cURL command that deletes a collection with the name `my-collection`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v/collections/my-collection' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/collections/name_put.md b/openapi-specs/compute/32-05/desc/collections/name_put.md new file mode 100644 index 000000000..b843a4b59 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/collections/name_put.md @@ -0,0 +1,64 @@ +Updates the parameters for a specific collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. Use the **Manage** cog icon to open the update window. +3. Click the **Manage** button and update the collection's parameters. +4. Click the **Save** button to save the changes. + +### cURL Request + +The PUT cURL command updates a collection. + +**To submit a cURL request:** + +* The `name` value is required. +* If `description` is not included in the request, the value will be defaulted to an empty string. +* If `color` is not included in the request, the system will set the color to a random value. +* If one of the following resources is left unspecified, the resource value will be set to a wildcard `[*]`: `hosts`, `images`, `labels`, `containers`, `functions`, `namespaces`, `appIDs`, `accountIDs`, `codeRepos`, `clusters` + +#### Example cURL Request + +This existing collection `my-collection` captures all container images named `ubuntu:18.04`. + +```json +{ + "hosts":["*"], + "images":["ubuntu:18.04"], + "labels":["*"], + "containers":["*"], + "functions":["*"], + "namespaces":["*"], + "appIDs":["*"], + "accountIDs":["*"], + "codeRepos":["*"], + "clusters":["*"], + "name":"my-collection", + "owner":"", + "modified":"2021-01-01T21:04:30.417Z", + "color":"#AD3C21", + "system":"false" +} +``` + +The following cURL command updates `my-collection` to captures all container images named `ubuntu:20.04`. + +**Note:** You can retrieve collection names from the `GET /api/v/collections` endpoint using the `name` key. + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/collections/my-collection' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-collection", + "images":["ubuntu:20.04"] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/collections/name_usages_get.md b/openapi-specs/compute/32-05/desc/collections/name_usages_get.md new file mode 100755 index 000000000..5c9c40424 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/collections/name_usages_get.md @@ -0,0 +1,20 @@ +Retrieves all policies that uses a specified collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. Use the **Manage** cog icon to open the update window. +3. Click the **Manage** button. +4. The **Usages** table displays the collection's usages. + +### cURL Request + +Refer to the following example cURL command that retrieves all policies with name `my-collection`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/collections/my-collection/usages' +``` diff --git a/openapi-specs/compute/32-05/desc/collections/post.md b/openapi-specs/compute/32-05/desc/collections/post.md new file mode 100755 index 000000000..168c73970 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/collections/post.md @@ -0,0 +1,39 @@ +Creates a new collection. Only the `name` field is required; the other fields are optional. The `name` field can contain the characters: 'A-Z', 'a-z', '0-9', '_', '-', and ':'. Optional fields for which you do not specify a value are set to the '*' wildcard. + +If you don't provide a value for the `name` field and try to use the collection, you'll get an empty resource error. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Add a collection using **+ Add collection**. +3. Click the **Save** button. + +### cURL Request + +Refer to the following example cURL command that creates a new collection named `my-collection`, specifies a HEX color value of #AD3C21, and captures all container images named `ubuntu:18.04`: + +```bash +$ curl 'https://:8083/api/v/collections' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-collection", + "images":["ubuntu:18.04"], + "hosts":["*"], + "labels":["*"], + "containers":["*"], + "functions":["*"], + "namespaces":["*"], + "appIDs":["*"], + "accountIDs":["*"], + "codeRepos":["*"], + "clusters":["*"], + "color":"#AD3C21" +}' +``` +**Note:** No response is returned upon successful execution. You must verify the collection in the Console UI. + + diff --git a/openapi-specs/compute/32-05/desc/console_saas.png b/openapi-specs/compute/32-05/desc/console_saas.png new file mode 100644 index 000000000..8e6ba2d91 Binary files /dev/null and b/openapi-specs/compute/32-05/desc/console_saas.png differ diff --git a/openapi-specs/compute/32-05/desc/containers/containers.md b/openapi-specs/compute/32-05/desc/containers/containers.md new file mode 100644 index 000000000..cf38c9a54 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/containers.md @@ -0,0 +1 @@ +Container scan reports. diff --git a/openapi-specs/compute/32-05/desc/containers/count_get.md b/openapi-specs/compute/32-05/desc/containers/count_get.md new file mode 100644 index 000000000..4c6ecdcb4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/count_get.md @@ -0,0 +1,13 @@ +Returns an integer representing the number of containers in your environment. + +### cURL Request + +Refer to the following example cURL command that returns the number of containers. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/containers/count +``` diff --git a/openapi-specs/compute/32-05/desc/containers/download_get.md b/openapi-specs/compute/32-05/desc/containers/download_get.md new file mode 100644 index 000000000..8f581aabe --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/download_get.md @@ -0,0 +1,20 @@ +Downloads container scan reports in CSV format. + +You can download the container scan reports in CSV format in Console under **Monitor > Compliance > Containers**. + +**Note**: The query parameter `fields` is not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers/download?id={id}&layers=true" \ + > container_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/containers/filters_get.md b/openapi-specs/compute/32-05/desc/containers/filters_get.md new file mode 100644 index 000000000..c8a1dfca4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/filters_get.md @@ -0,0 +1,9 @@ +Returns all container filters in JSON format. These filters can be used in the base `GET` request as query parameters. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/containers/filters +``` diff --git a/openapi-specs/compute/32-05/desc/containers/get.md b/openapi-specs/compute/32-05/desc/containers/get.md new file mode 100644 index 000000000..4cacdde60 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/get.md @@ -0,0 +1,37 @@ +Retrieves container scan reports. + +You can view the container scan reports in Console under **Monitor > Compliance > Containers**. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +Refer to the following available options for the `fields` query parameters: +* labels +* externalLabels +* cluster +* hostname +* image +### cURL Request + +Refer to the following example cURL command that retrieves a scan report for all containers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers" +``` + +Refer to the following example cURL command that retrieves a scan report for a container with the collection ``: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers?collections=" +``` +The name query is synonymous with the filter containers text field in the Console UI. + +A successful response returns the container scan reports. diff --git a/openapi-specs/compute/32-05/desc/containers/labels_get.md b/openapi-specs/compute/32-05/desc/containers/labels_get.md new file mode 100644 index 000000000..eb40a748d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/labels_get.md @@ -0,0 +1,9 @@ +Returns an array of strings containing all of the labels. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/containers/labels +``` diff --git a/openapi-specs/compute/32-05/desc/containers/names_get.md b/openapi-specs/compute/32-05/desc/containers/names_get.md new file mode 100644 index 000000000..8b32465d5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/names_get.md @@ -0,0 +1,13 @@ +Returns an array of strings containing all container names. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/containers/names +``` diff --git a/openapi-specs/compute/32-05/desc/containers/scan_post.md b/openapi-specs/compute/32-05/desc/containers/scan_post.md new file mode 100644 index 000000000..6b2bdaaba --- /dev/null +++ b/openapi-specs/compute/32-05/desc/containers/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all containers immediately. +This endpoint returns the time that the scans were initiated. + +The following example command uses curl and basic auth to force Prisma Cloud Compute to re-scan all containers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/containers/scan +``` diff --git a/openapi-specs/compute/32-05/desc/credentials/credentials.md b/openapi-specs/compute/32-05/desc/credentials/credentials.md new file mode 100644 index 000000000..47eb1f342 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/credentials/credentials.md @@ -0,0 +1 @@ +Management of Centrally Managed Credentials \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/credentials/get.md b/openapi-specs/compute/32-05/desc/credentials/get.md new file mode 100644 index 000000000..ee4309dee --- /dev/null +++ b/openapi-specs/compute/32-05/desc/credentials/get.md @@ -0,0 +1,16 @@ +Retrieves a list of all credentials from the credentials store. +This endpoint maps to **Manage > Authentication > Credentials store** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all credentials: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/credentials +``` + +A successful response returns a list of all credentials. diff --git a/openapi-specs/compute/32-05/desc/credentials/id_delete.md b/openapi-specs/compute/32-05/desc/credentials/id_delete.md new file mode 100644 index 000000000..e5c70259e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/credentials/id_delete.md @@ -0,0 +1,24 @@ +Deletes a credential from the credential store. + +**Note:** Use only Prisma Cloud Compute user interface **Manage** > **Cloud accounts** to delete cloud credentials for `Amazon AWS`, `Microsoft Azure`, and `Google Cloud Platform`. + +To invoke this endpoint in the Prisma Cloud Compute user interface: + +1. Navigate to **Manage > Authentication > Credentials Store**. +2. From the table, find the row of the credential you want to delete and click the dotted icon under the **Actions** column. +3. Click the **Delete** button to open the delete confirmation window. +4. Click the **Delete Credential** button to delete the credential. + +### cURL Request + +Refer to the following example cURL command that deletes an existing credential: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/credentials/{id} +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/credentials/id_usages_get.md b/openapi-specs/compute/32-05/desc/credentials/id_usages_get.md new file mode 100644 index 000000000..76c1099aa --- /dev/null +++ b/openapi-specs/compute/32-05/desc/credentials/id_usages_get.md @@ -0,0 +1,22 @@ +Retrieves all usages for a specific credential in the credential store. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Credential Store**. +2. From the table, find the row of the credential you want to update and click the dotted icon under the **Actions** column. +3. Click the **Manage** button. +4. The **Usage** table displays the data from this endpoint. + +### cURL Request + +Refer to the following cURL command that retrieves all usages for a credential: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/credentials/{id}/usages +``` + +A successful response returns a list of all usages for the credential. diff --git a/openapi-specs/compute/32-05/desc/credentials/post.md b/openapi-specs/compute/32-05/desc/credentials/post.md new file mode 100644 index 000000000..ed8a2a690 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/credentials/post.md @@ -0,0 +1,35 @@ +Updates a credential in the credentials store. + +**Note:** Use only Prisma Cloud Compute user interface **Manage** > **Cloud accounts** > **Add account** to add cloud credentials for `Amazon AWS`, `Microsoft Azure`, and `Google Cloud Platform`. + +To invoke this endpoint in the Prisma Cloud Compute user interface: + +1. Navigate to **Manage > Authentication > Credentials Store**. +2. From the table, find the row of the credential you want to update and click the dotted icon under the **Actions** column. +3. Click the **Manage** button and update the credential's parameters. +4. Click the **Save** button to save the updated credential. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/credentials' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "serviceAccount":{ + }, + "apiToken":{ + "encrypted":"ENCRYPTED_TOKEN" + }, + "type":"TYPE", + "_id":"{id}" +}' +``` + +**Note:** There's no response upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/curl_examples.md b/openapi-specs/compute/32-05/desc/curl_examples.md new file mode 100644 index 000000000..3d4fcd468 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/curl_examples.md @@ -0,0 +1,38 @@ +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL can be modified to use any of the following: + +* **Authentication Token:** Use the `-H` option to pass the authentication token from the `/api/v1/authenticate` endpoint into the request header. + +For example, replace `` with the token from the `/api/v1/authenticate` endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/v1/ +``` + +* **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/v1/ +``` + +* **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/v1/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. diff --git a/openapi-specs/compute/32-05/desc/current/collections_get.md b/openapi-specs/compute/32-05/desc/current/collections_get.md new file mode 100644 index 000000000..f334288cc --- /dev/null +++ b/openapi-specs/compute/32-05/desc/current/collections_get.md @@ -0,0 +1 @@ +Returns collections in the current project that the user has permission to access. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/current/projects_get.md b/openapi-specs/compute/32-05/desc/current/projects_get.md new file mode 100644 index 000000000..1da5a26be --- /dev/null +++ b/openapi-specs/compute/32-05/desc/current/projects_get.md @@ -0,0 +1 @@ +Get the current user projects. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/custom-compliance/custom-compliance.md b/openapi-specs/compute/32-05/desc/custom-compliance/custom-compliance.md new file mode 100644 index 000000000..00e14acde --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-compliance/custom-compliance.md @@ -0,0 +1,9 @@ +Custom image checks give you a way to write and run your own compliance checks to assess, measure, and enforce security baselines in your environment. +Although Prisma Cloud Compute supports OpenSCAP and XCCDF, these frameworks are complicated, and they can be overkill when all you want to do is run a simple check. +Prisma Cloud Compute lets you implement your own custom image checks with simple scripts. + +A custom image check consists of a single script. +The script’s exit code determines the result of the check, where 0 is pass and 1 is fail. +Scripts are executed in the container’s default shell. +For many Linux container images, the default shell is bash, but that’s not always the case. +For Windows container images, the default shell is `cmd.exe`. diff --git a/openapi-specs/compute/32-05/desc/custom-compliance/get.md b/openapi-specs/compute/32-05/desc/custom-compliance/get.md new file mode 100644 index 000000000..9022a87b7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-compliance/get.md @@ -0,0 +1,32 @@ +Returns a list of all custom compliance checks. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Refer to the following example curl command that gets the list of custom compliance checks: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/custom-compliance +``` + +### Response + +``` +[ + { + "modified": "2019-03-07T17:01:12.355Z", + "owner": "pierre", + "name": "apitest", + "previousName": "", + "_id": 9000, + "title": "apitest", + "script": "if [ $(stat -c %a /bin/busybox) -eq 755 ]; then\n echo 'test permission failure' && exit 1;\nfi", + "severity": "high" + } +] +``` diff --git a/openapi-specs/compute/32-05/desc/custom-compliance/id_delete.md b/openapi-specs/compute/32-05/desc/custom-compliance/id_delete.md new file mode 100644 index 000000000..72c7183ee --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-compliance/id_delete.md @@ -0,0 +1,15 @@ +Deletes a specific custom compliance check. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that uses basic auth to delete the compliance check with id 9000: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/custom-compliance/9000 +``` diff --git a/openapi-specs/compute/32-05/desc/custom-compliance/put.md b/openapi-specs/compute/32-05/desc/custom-compliance/put.md new file mode 100644 index 000000000..480e41b54 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-compliance/put.md @@ -0,0 +1,30 @@ +This endpoint will allow for update of the custom compliance checks. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Create `custom_check.json` file (example): + +```bash + { + "modified": "2019-03-07T17:01:12.355Z", + "owner": "pierre", + "name": "apitest", + "previousName": "", + "_id": 9000, + "title": "apitest", + "script": "if [ $(stat -c %a /bin/busybox) -eq 755 ]; then\n echo 'test permission failure' && exit 1;\nfi", + "severity": "high" + } +``` +Refer to the following example curl command that uses basic auth to update the checks: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d @custom_check.json \ + https:///api/v/custom-compliance +``` diff --git a/openapi-specs/compute/32-05/desc/custom-rules/custom-rules.md b/openapi-specs/compute/32-05/desc/custom-rules/custom-rules.md new file mode 100644 index 000000000..cf5c6d091 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-rules/custom-rules.md @@ -0,0 +1 @@ +Defines a precise defense action for containers, hosts, Kubernetes audits, WAAS requests, and WAAS responses. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/custom-rules/get.md b/openapi-specs/compute/32-05/desc/custom-rules/get.md new file mode 100644 index 000000000..f0385f81a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-rules/get.md @@ -0,0 +1,17 @@ +Retrieves a list of all custom rules. + +This endpoint maps to the policy table in **Defend > Custom rules** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/custom-rules' +``` + +A successful response returns a list of custom rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/custom-rules/id_delete.md b/openapi-specs/compute/32-05/desc/custom-rules/id_delete.md new file mode 100644 index 000000000..c0d6dc8b0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-rules/id_delete.md @@ -0,0 +1,15 @@ +Deletes a custom rule. + +### cURL Request + +Refer to the following example cURL command that deletes a custom rule: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v/custom-rules/{id}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/custom-rules/id_put.md b/openapi-specs/compute/32-05/desc/custom-rules/id_put.md new file mode 100644 index 000000000..59108ea0d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/custom-rules/id_put.md @@ -0,0 +1,30 @@ +Creates or updates a custom rule. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Custom rules**. +2. Click **+ Add rule** or the dotted icon under the **Actions** column and choose to the **Manage** cog icon to open the update window. +3. Configure the custom rule's parameters. +4. Click the **Add** or **Update** button to save the changes. + +### cURL Request + +Refer to the following example cURL command that updates a custom rule. + +```bash +$ curl 'https:///api/v/custom-rules/{id}' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":{id}, + "type":"processes", + "message":"unexpected %proc.name was spawned", + "name":"", + "script":"proc.interactive" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/cves/cves.md b/openapi-specs/compute/32-05/desc/cves/cves.md new file mode 100644 index 000000000..bc03c8eba --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cves/cves.md @@ -0,0 +1 @@ +Browse Prisma Cloud Compute's vulnerability database. diff --git a/openapi-specs/compute/32-05/desc/cves/distribution_get.md b/openapi-specs/compute/32-05/desc/cves/distribution_get.md new file mode 100644 index 000000000..aecddce23 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cves/distribution_get.md @@ -0,0 +1,11 @@ +Retrieves CVEs from the vulnerability database grouped into distribution where you will see a count for vulnerabilities per distribution. + +The following example curl command uses basic auth to retrieve this data: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cves/distribution +``` diff --git a/openapi-specs/compute/32-05/desc/cves/get.md b/openapi-specs/compute/32-05/desc/cves/get.md new file mode 100644 index 000000000..469ea4b28 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/cves/get.md @@ -0,0 +1,14 @@ +Retrieves CVEs from Prisma Cloud Compute's vulnerability database. +Query the database by CVE ID. +Partial matches are supported. +A null response indicates that the CVE is not in our database. + +The following example curl command queries the Prisma Cloud Compute database for `CVE-2018-1102`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cves?id=CVE-2018-1102 +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/app_embedded_post.md b/openapi-specs/compute/32-05/desc/defenders/app_embedded_post.md new file mode 100644 index 000000000..9167469d0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/app_embedded_post.md @@ -0,0 +1,20 @@ +Creates an augmented Dockerfile with Defender and dependencies included as a ZIP file. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "appID": "my-app", + "consoleAddr": "https://localhost:8083", + "dataFolder": "/var/lib/docker/containers/twistlock/tmp", + "dockerfile": "/var/lib/docker/overlay2/183e9e3ec933ba2363bcf6066b7605d99bfcf4dce84f72eeeba0f616c679cf48" + }' \ + "https:///api/v/defenders/app-embedded" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/defenders/daemonset_yaml_get.md b/openapi-specs/compute/32-05/desc/defenders/daemonset_yaml_get.md new file mode 100644 index 000000000..678901a8a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/daemonset_yaml_get.md @@ -0,0 +1,17 @@ +Creates a DaemonSet deployment file in YAML format that can be used to deploy Defender to your cluster. + +For more information about how to use this endpoint, see +[Deploy a Defender DaemonSet using the API](https://docs.twistlock.com/docs/latest/api/automate_defender_install.html). + +The following example curl command returns a Defender DaemonSet deployment file. +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https://:8083/api/v1/defenders/daemonset.yaml?consoleaddr=&listener=none&namespace=twistlock&orchestration=kubernetes' +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/daemonset_yaml_post.md b/openapi-specs/compute/32-05/desc/defenders/daemonset_yaml_post.md new file mode 100644 index 000000000..8dcf30639 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/daemonset_yaml_post.md @@ -0,0 +1,19 @@ +Creates a DaemonSet deployment file in YAML format that you can use to deploy Defender to your cluster. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "orchestration": "container", + "consoleAddr": "servo-vmware71", + "namespace": "twistlock" + }' \ + "https:///api/v/defenders/daemonset.yaml" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/defenders/defenders.md b/openapi-specs/compute/32-05/desc/defenders/defenders.md new file mode 100644 index 000000000..dd41f380b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/defenders.md @@ -0,0 +1,3 @@ +Manage Defender. +Defender is Prisma Cloud Compute's security agent. +In general, one Defender is deployed per node. diff --git a/openapi-specs/compute/32-05/desc/defenders/download_get.md b/openapi-specs/compute/32-05/desc/defenders/download_get.md new file mode 100644 index 000000000..2d9435506 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/download_get.md @@ -0,0 +1,16 @@ +Downloads information about deployed Defenders in CSV format. +Use the query parameters to filter what data is returned. + +**Note:** The results contain "hostname" even if you don't specify a "hostname" in the "fields" query parameter. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET -o \ + https:///api/v/defenders/download +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/fargate_json_post.md b/openapi-specs/compute/32-05/desc/defenders/fargate_json_post.md new file mode 100644 index 000000000..5128e90a1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/fargate_json_post.md @@ -0,0 +1,36 @@ +Returns a protected Fargate task definition given an unprotected task definition. + +### cURL Request +Refer to the following example cURL command: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.json` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --data-binary "@unprotected.json" + --output protected.json \ + "https:///api/v/defenders/fargate.json?consoleaddr=&defenderType=appEmbedded" +``` +Refer to the following example cURL command that accepts the task definition in JSON format for a CloudFormation template: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.json` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --data-binary "@unprotected.json" + --output protected.json \ + "https:///api/v/defenders/fargate.json?cloudFormation=true&consoleaddr=&filestemMonitoring=false&interpreter=&project=Central+Console" +``` + +### cURL Response +New Protected task will be in `protected.json` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/defenders/fargate_yaml_post.md b/openapi-specs/compute/32-05/desc/defenders/fargate_yaml_post.md new file mode 100644 index 000000000..9a8306a1b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/fargate_yaml_post.md @@ -0,0 +1,20 @@ +Returns a protected Fargate task definition for a CloudFormation YAML template given an unprotected task definition. + +### cURL Request +Refer to the following example cURL command that accepts the task definition in YAML format for a CloudFormation template: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.yaml` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/yaml' \ + -X POST \ + --data-binary "@unprotected.yaml" + --output protected.yaml \ + "https:///api/v/defenders/fargate.yaml?cloudFormation=true&consoleaddr=&filestemMonitoring=false&interpreter=&project=Central+Console" +``` + +New Protected task will be in `protected.yaml` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/defenders/get.md b/openapi-specs/compute/32-05/desc/defenders/get.md new file mode 100644 index 000000000..471e7ef9d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/get.md @@ -0,0 +1,17 @@ +Retrieves all deployed Defenders. + +This endpoint maps to the UI Console page in **Manage > Defenders > Defenders**. + +### cURL Request + +Refer to the following example cURL command that retrieves all deployed Defenders. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders +``` + +A successful response returns all deployed Defenders. diff --git a/openapi-specs/compute/32-05/desc/defenders/helm_get.md b/openapi-specs/compute/32-05/desc/defenders/helm_get.md new file mode 100644 index 000000000..b11f9c4b9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/helm_get.md @@ -0,0 +1,21 @@ +Creates a Helm deployment file that can be used to deploy Defenders to your cluster. + +For more information about how to use this endpoint, see +[Deploy a Defender Helm using the API](https://docs.twistlock.com/docs/19.07/install/install_kubernetes.html#install-twistlock-with-helm-charts). + +### cURL Request + +Refer to the following example curl command that returns a Defender Helm deployment file: + +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + -o twistlock-defender-helm.tar.gz \ + 'https:///api/v/defenders/helm/twistlock-defender-helm.tar.gz?consoleaddr=&namespace=twistlock&orchestration=kubernetes' +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/helm_post.md b/openapi-specs/compute/32-05/desc/defenders/helm_post.md new file mode 100644 index 000000000..2046e63eb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/helm_post.md @@ -0,0 +1,20 @@ +Creates a Helm deployment file that you can use to deploy Defenders to your cluster. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -o twistlock-defender-helm.tar.gz \ + -d \ + '{ + "orchestration": "container", + "consoleAddr": "servo-vmware71", + "namespace": "twistlock" + }' \ + "https:///api/v/defenders/helm/twistlock-defender-helm.tar.gz" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/defenders/id_delete.md b/openapi-specs/compute/32-05/desc/defenders/id_delete.md new file mode 100644 index 000000000..f637ef850 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/id_delete.md @@ -0,0 +1,24 @@ +Deletes an existing Defender on a given host. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Defenders > Defenders**. +2. In a table row, click the dotted **Actions** button for the Defender you want to delete. +3. Click the **Decommission** button to open the delete confirmation window. +4. Click the **Delete Defender** button to delete the Defender. + +### cURL Request + +The following cURL command deletes an existing Defender on a host. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/defenders/ +``` + +`` is populated with a value returned from the `/api/v/defenders/names` endpoint. + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/defenders/id_features_post.md b/openapi-specs/compute/32-05/desc/defenders/id_features_post.md new file mode 100644 index 000000000..ec8e4c5f3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/id_features_post.md @@ -0,0 +1,13 @@ +Updates a deployed Defender's configuration. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"proxyListenerType": "tcp", "registryScanner":"", "serverlessScanner":""}' \ + https:///api/v/defenders//features +``` + diff --git a/openapi-specs/compute/32-05/desc/defenders/id_restart_post.md b/openapi-specs/compute/32-05/desc/defenders/id_restart_post.md new file mode 100644 index 000000000..da0cc7811 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/id_restart_post.md @@ -0,0 +1,11 @@ +Restarts Defender on a given host. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders//restart +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/id_upgrade_post.md b/openapi-specs/compute/32-05/desc/defenders/id_upgrade_post.md new file mode 100644 index 000000000..f0d30d1e9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/id_upgrade_post.md @@ -0,0 +1,15 @@ +Upgrades Defender on ``. + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders//upgrade +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/image-name_get.md b/openapi-specs/compute/32-05/desc/defenders/image-name_get.md new file mode 100644 index 000000000..e81ba3e19 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/image-name_get.md @@ -0,0 +1,19 @@ +Returns the full Docker image name for Defender. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/image-name +``` + +### Response + +Refer to the following example cURL response: + +`registry-auth.twistlock.com/tw_mcxweebesog0apjuhtmatv7saf9xdnwd/twistlock/defender:defender_21_11_812` diff --git a/openapi-specs/compute/32-05/desc/defenders/install-bundle_get.md b/openapi-specs/compute/32-05/desc/defenders/install-bundle_get.md new file mode 100644 index 000000000..882d0cd53 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/install-bundle_get.md @@ -0,0 +1,15 @@ +Returns the certificate bundle that Defender needs to securely connect to Console. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/install-bundle?consoleaddr=" +``` + + is the hostname of the Console. diff --git a/openapi-specs/compute/32-05/desc/defenders/names_get.md b/openapi-specs/compute/32-05/desc/defenders/names_get.md new file mode 100644 index 000000000..728eb6364 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/names_get.md @@ -0,0 +1,45 @@ +Retrieves a list of Defender hostnames that can be used as the `{id}` query parameter in other `/api/v1/defenders` endpoints. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of all Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/names +``` + +Refer to the following example cURL command that retrieves a list of connected Defenders using a query parameter and a specified boolean value in lower case: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?connected=true" +``` + +Refer to the following example cURL command that retrieves a list of disconnected Defenders using a query parameter and a specified boolean value in lower case: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?connected=false" +``` +**Note**: The query parameter `connected` expects and accepts a boolean value in lower case. +The endpoint enlists all the connected and disconnected Defenders if do not specify a boolean value. + +Refer to the following example cURL command that retrieves a list of Defenders by type: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?type=" +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/rasp_post.md b/openapi-specs/compute/32-05/desc/defenders/rasp_post.md new file mode 100644 index 000000000..526a9e112 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/rasp_post.md @@ -0,0 +1,15 @@ +Creates an augmented Dockerfile with RASP Defender and dependencies included as a ZIP file. + +The following example curl command returns a RASP Defender zip file. +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + -o rasp-defender.zip + 'https://:8083/api/v1/defenders/rasp?appId=&consoleaddr=&dataFolder=&dockerfile=' +``` diff --git a/openapi-specs/compute/32-05/desc/defenders/serverless-bundle_post.md b/openapi-specs/compute/32-05/desc/defenders/serverless-bundle_post.md new file mode 100644 index 000000000..df4f13e6a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/serverless-bundle_post.md @@ -0,0 +1,15 @@ +Downloads a ZIP file with serverless Defender bundle. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/octet-stream' \ + -o serverless_bundle.zip \ + -X POST \ + -d '{"provider": ["aws"], "runtime": ["nodejs14.x"]}' \ + "https:///api/v/defenders/serverless/bundle" + ``` diff --git a/openapi-specs/compute/32-05/desc/defenders/summary_get.md b/openapi-specs/compute/32-05/desc/defenders/summary_get.md new file mode 100644 index 000000000..08be4ebc4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/summary_get.md @@ -0,0 +1,15 @@ +Lists the number of Defenders in each defender category. + + +### cURL Request + +Refer to the following example cURL command that retrieves a summary of Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/summary +``` + diff --git a/openapi-specs/compute/32-05/desc/defenders/tas-cloud-controller-address_get.md b/openapi-specs/compute/32-05/desc/defenders/tas-cloud-controller-address_get.md new file mode 100644 index 000000000..afd34dbf8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/tas-cloud-controller-address_get.md @@ -0,0 +1 @@ +Returns the cloud controller addresses for Tas defenders. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/defenders/upgrade_post.md b/openapi-specs/compute/32-05/desc/defenders/upgrade_post.md new file mode 100644 index 000000000..2f0b4d39e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/defenders/upgrade_post.md @@ -0,0 +1,17 @@ +Upgrades all connected single Linux Container Defenders. + +This does not update cluster Container Defenders (such as Defender DaemonSets), Serverless Defenders, or Fargate Defenders. +To upgrade cluster Container Defenders, redeploy them. +To upgrade Serverless and Fargate Defenders, re-embed them. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders/upgrade +``` diff --git a/openapi-specs/compute/32-05/desc/deployment/daemonsets_deploy_post.md b/openapi-specs/compute/32-05/desc/deployment/daemonsets_deploy_post.md new file mode 100644 index 000000000..94ec9386b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/deployment/daemonsets_deploy_post.md @@ -0,0 +1,20 @@ +Deploys a Defender DaemonSet to the cluster identified by `credentialID`. +The `credentialID`, of type `kubeconfig`, must exist before calling this endpoint. +It identifies the cluster's API server, user, and credentials. + +Use the various request parameters to control the properties of the deployed DaemonSet. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "credentialID": "", + "consoleAddr": "", + "namespace": "", + "orchestration": "", + "...":"..." + }' \ + https://:8083/api/v1/deployment/daemonsets/deploy +``` diff --git a/openapi-specs/compute/32-05/desc/deployment/daemonsets_get.md b/openapi-specs/compute/32-05/desc/deployment/daemonsets_get.md new file mode 100644 index 000000000..a0b7f3798 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/deployment/daemonsets_get.md @@ -0,0 +1,11 @@ +Retrieves a list of deployed Defender DaemonSets. +You must specify a `credentialID`, of type `kubeconfig`, which identifies your cluster and user. +Credentials are managed in Console's credentials store (`/api/v1/credentials`). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/deployment/daemonsets?credentialID= +``` diff --git a/openapi-specs/compute/32-05/desc/deployment/deployment.md b/openapi-specs/compute/32-05/desc/deployment/deployment.md new file mode 100644 index 000000000..760ae1bdb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/deployment/deployment.md @@ -0,0 +1 @@ +Manage Defender DaemonSet deployments. diff --git a/openapi-specs/compute/32-05/desc/feeds/custom-vulnerabilities_get.md b/openapi-specs/compute/32-05/desc/feeds/custom-vulnerabilities_get.md new file mode 100644 index 000000000..71834f19d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/custom-vulnerabilities_get.md @@ -0,0 +1,41 @@ +Returns the list of custom vulnerabilities and associated rules for handling internally created or packaged apps. + +This list is used by the Prisma Cloud Compute scanner to detect vulnerable custom components (apps, libraries, etc) that were developed and packaged internally. + +> **Note:** When a vulnerable custom component is detected in an image, you must have a rule to tell Prisma Cloud Compute how to handle it. + +Vulnerability rules can be created using the Prisma Cloud Compute. + +### cURL Request + +Refer to the following cURL command that retrieves a list of all the custom vulnerabilities and associated rules. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/feeds/custom/custom-vulnerabilities" +``` + +### Response + +A successful response will return a list of custom vulnerability rules and the associated digest: + +```json +{ + "_id":"customVulnerabilities", + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ], + "digest":"" +} +``` diff --git a/openapi-specs/compute/32-05/desc/feeds/custom-vulnerabilities_put.md b/openapi-specs/compute/32-05/desc/feeds/custom-vulnerabilities_put.md new file mode 100644 index 000000000..4fe1c1898 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/custom-vulnerabilities_put.md @@ -0,0 +1,85 @@ +Updates all the custom vulnerabilities and associated rules simultaneously for handling internally created or packaged apps. + +### cURL Request + +Refer to the following cURL command that updates a vulnerability for a library named `internal-lib`, and specifies that its versions `1.1` to `1.8` are known to be vulnerable. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d ' +{ + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ] +}' \ +"https:///api/v/feeds/custom/custom-vulnerabilities" +``` + +**Note:** No response will be returned upon successful execution. + +### Maintain your Custom Vulnerabilities + +We suggest you maintain your custom vulnerabilities using the following steps: + +1. Get all the custom vulnerability rules from the `GET` endpoint and save the results to a file. + + **Note:** You will need `jq` to execute this command. + + ``` + $ curl -k \ + -u \ + https:///api/v/feeds/custom/custom-vulnerabilities \ + | jq '.' > custom_vulnerability_rules.json + ``` + +2. Open the JSON file and add, modify, and/or delete the rules by directly editing the JSON output. For example: + + ```json + { + "id": "customVulnerabilities", + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ], + "digest": "97de7f27XXXXXXXXXX" + } + ``` + +3. Update the rules by pushing the new JSON payload. **Note:** Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + -d @custom_vulnerability_rules.json \ + https:///api/v/feeds/custom/custom-vulnerabilities + ``` + +4. Run the cURL command for the `GET /api/vVERSION/feeds/custom/custom-vulnerabilities` endpoint and you can see that the previously installed rules are now overwritten with your new rules. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/feeds/custom/custom-vulnerabilities +``` diff --git a/openapi-specs/compute/32-05/desc/feeds/custom_vulnerabilities_digest_get.md b/openapi-specs/compute/32-05/desc/feeds/custom_vulnerabilities_digest_get.md new file mode 100644 index 000000000..0eb501d9b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/custom_vulnerabilities_digest_get.md @@ -0,0 +1,17 @@ +Returns the unique digest for the custom vulnerabilities and associated rules for handling internally created or packaged apps. + +### cURL Request + +The following cURL command retrieves the digest for the configured custom vulnerabilities. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/custom-vulnerabilities/digest +``` + +A successful response will return the digest string. +This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/custom-vulnerabilities` endpoint. + diff --git a/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_digest_get.md b/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_digest_get.md new file mode 100644 index 000000000..e27f21251 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for the Common Vulnerabilities and Exposures (CVE) allow list configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the configured CVE allow list. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/cve-allow-list/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/cve-allow-list` endpoint. + diff --git a/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_get.md b/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_get.md new file mode 100644 index 000000000..34fb2c7f8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_get.md @@ -0,0 +1,30 @@ +Retrieves the globally allow-listed Common Vulnerabilities and Exposures (CVE). + +### cURL Request + +The following cURL command retrieves the globally allow-listed CVEs. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/cve-allow-list +``` + +### Response + +A successful response returns all CVEs globally allow-listed. + +```json +{ + "_id":"cveAllowList", + "rules": [ + { + "cve": "CVE-2018-2222", + "expiration": "2020-06-18T00:00:00Z" + } + ], + "digest":"" +} +``` diff --git a/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_put.md b/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_put.md new file mode 100644 index 000000000..850016965 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/cve_allow_list_put.md @@ -0,0 +1,29 @@ +Globally allow-lists a set of Common Vulnerabilities and Exposures (CVE). + +**Note:** Any previously installed lists are overwritten. + +### cURL Request + +The following cURL command installs a global CVE allow-list. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "rules": [ + { + "cve": "CVE-2018-2222", + "expiration": "2020-06-18T00:00:00Z" + } + ] +}' \ + https:///api/v1/feeds/custom/cve-allow-list +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the CVE list has been added to the global allow-list, call the `GET /api/v1/feeds/custom/cve-allow-list` endpoint. + diff --git a/openapi-specs/compute/32-05/desc/feeds/feeds.md b/openapi-specs/compute/32-05/desc/feeds/feeds.md new file mode 100644 index 000000000..748e0af74 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/feeds.md @@ -0,0 +1,2 @@ +Augments the Prisma Cloud Compute Intelligence Stream with custom threat data. +Enables you expand the scope of threats and vulnerabilities that Prisma Cloud Compute can detect and report. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/feeds/ips_digest_get.md b/openapi-specs/compute/32-05/desc/feeds/ips_digest_get.md new file mode 100644 index 000000000..d059271ea --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/ips_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for the list of suspicious or high risk IP endpoints configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the banned suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/ips/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/ips` endpoint. + diff --git a/openapi-specs/compute/32-05/desc/feeds/ips_get.md b/openapi-specs/compute/32-05/desc/feeds/ips_get.md new file mode 100644 index 000000000..381257d47 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/ips_get.md @@ -0,0 +1,26 @@ +Retrieves the customized list of block-listed suspicious or high-risk IP addresses. + +### cURL Request + +The following cURL command retrieves the list of globally block-listed suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/ips +``` + +### Response + +A successful response will return a list of suspicious or high-risk IP addresses that will be banned. + +```json +{ + "_id":"", + "modified":"2020-11:00:00T00:00:01.62Z", + "feed":["193.171.1.1","193.171.1.2"]}, + "digest":"" +} +``` diff --git a/openapi-specs/compute/32-05/desc/feeds/ips_put.md b/openapi-specs/compute/32-05/desc/feeds/ips_put.md new file mode 100644 index 000000000..6f8fc2419 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/ips_put.md @@ -0,0 +1,21 @@ +Bans a custom list of suspicious or high-risk IP addresses. + +**Note:** Any previously installed lists are overwritten. + +### cURL Request + +The following cURL command installs a custom list of banned suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"name":"banned-ips", "feed":["193.171.1.1","193.171.1.2"]}' \ + https:///api/v1/feeds/custom/ips +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the IPs have been added to the ban list, invoke the `GET /api/v1/feeds/custom/ips` endpoint. + diff --git a/openapi-specs/compute/32-05/desc/feeds/malware_digest_get.md b/openapi-specs/compute/32-05/desc/feeds/malware_digest_get.md new file mode 100644 index 000000000..005c476a2 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/malware_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for all the MD5 signatures of malicious executables configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the configured list for the MD5 signatures of malicious executables. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/malware/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/malware` endpoint. + diff --git a/openapi-specs/compute/32-05/desc/feeds/malware_get.md b/openapi-specs/compute/32-05/desc/feeds/malware_get.md new file mode 100644 index 000000000..2a7aa128b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/malware_get.md @@ -0,0 +1,35 @@ +Returns the customized list of MD5 signatures of malicious executables. + +### cURL Request + +Refer to the following cURL command that retrieves the list of MD5 signatures of malicious executables: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/feeds/custom/malware" +``` + +### Response + +A successful response will return a list of MD5 signatures of malicious executables. + +```json +{ + "_id":"", + "modified":"2020-11:00:00T00:00:01.62Z", + "feed": [ + { + "name": "dimaaa", + "md5": "d4ba1008e7d97458fdd65deca2ba801b" + }, + { + "name": "emacs", + "md5": "5ce9d1116755f827f5d1e06246dd30b9" + } + ] + "digest":"" +} +``` diff --git a/openapi-specs/compute/32-05/desc/feeds/malware_put.md b/openapi-specs/compute/32-05/desc/feeds/malware_put.md new file mode 100644 index 000000000..7e6ec5da0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/malware_put.md @@ -0,0 +1,34 @@ +Creates a custom list of malware MD5 signatures of malicious executables. + +> **Note:** Any previously installed lists are overwritten. + +### cURL Request + +Refer to the following cURL command that installs a custom list of malware MD5 signatures of malicious executables: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d ' +{ + "name": "malware-sigs", + "feed": [ + { + "name": "dimaaa", + "md5": "d4ba1008e7d57458fdd65deca2ba801b" + }, + { + "name": "emacs", + "md5": "5ce9d1116755f827f5d1e06246dd30b9" + } + ] +}' \ + "https:///api/v/feeds/custom/malware" +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the malware list has been added / overwritten to the ban list, invoke the `GET /api/vVERSION/feeds/custom/malware` endpoint. + diff --git a/openapi-specs/compute/32-05/desc/feeds/refresh_post.md b/openapi-specs/compute/32-05/desc/feeds/refresh_post.md new file mode 100644 index 000000000..a83c40d10 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/feeds/refresh_post.md @@ -0,0 +1,9 @@ +Triggers Console to refresh its data from the **Intelligence Stream** + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/feeds/offline/refresh +``` diff --git a/openapi-specs/compute/32-05/desc/forensic/activities_download_get.md b/openapi-specs/compute/32-05/desc/forensic/activities_download_get.md new file mode 100644 index 000000000..8a2dbd926 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/forensic/activities_download_get.md @@ -0,0 +1,12 @@ +Downloads all host activities that can be found on *Monitor > Events > Host Activities* + +Use the query parameters to filter what data is returned. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o host_activities.csv + https://:8083/api/v1/forensic/activities/download +``` diff --git a/openapi-specs/compute/32-05/desc/forensic/activities_get.md b/openapi-specs/compute/32-05/desc/forensic/activities_get.md new file mode 100644 index 000000000..c8fb1d0cd --- /dev/null +++ b/openapi-specs/compute/32-05/desc/forensic/activities_get.md @@ -0,0 +1,11 @@ +Retrieves all host activities that can be found on *Monitor > Events > Host Activities*. + +Use the query parameters to filter what data is returned. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/forensic/activities +``` diff --git a/openapi-specs/compute/32-05/desc/forensic/forensic.md b/openapi-specs/compute/32-05/desc/forensic/forensic.md new file mode 100644 index 000000000..210cbbe96 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/forensic/forensic.md @@ -0,0 +1 @@ +The forensic endpoint will return data for host activities. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/groups/get.md b/openapi-specs/compute/32-05/desc/groups/get.md new file mode 100644 index 000000000..6a0daa2eb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/groups/get.md @@ -0,0 +1,15 @@ +Retrieves the list of all groups. + +This endpoint maps to the table data on the **Manage > Authentication > Groups** Console UI page. + +### cURL Request + +Refer to the following example cURL command that retrieves all the system groups. + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/groups +``` diff --git a/openapi-specs/compute/32-05/desc/groups/groups.md b/openapi-specs/compute/32-05/desc/groups/groups.md new file mode 100644 index 000000000..a1e5e93a0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/groups/groups.md @@ -0,0 +1,3 @@ +Manage (create, modify, delete) groups in the system. +If you integrated OpenLDAP, AD, or SAML, you can re-use groups from there, and assign roles to them as appropriate. +Otherwise, create Prisma Cloud Compute local groups to manage privileges for groups of users. diff --git a/openapi-specs/compute/32-05/desc/groups/id_delete.md b/openapi-specs/compute/32-05/desc/groups/id_delete.md new file mode 100644 index 000000000..5962a1135 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/groups/id_delete.md @@ -0,0 +1,23 @@ +Deletes a group. +The `id` can be retrieved from the `GET /api/v1/groups` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Click the dotted icon under the **Actions** column to open the menu options. +3. Click the **Delete** button to initiate the deletion. +4. Click the **Delete Group** button to confirm the deletion. + +### cURL Request + +The following cURL command deletes a collection with the name `{id}`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v1/groups/{id}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/groups/id_put.md b/openapi-specs/compute/32-05/desc/groups/id_put.md new file mode 100644 index 000000000..5bc1a81a8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/groups/id_put.md @@ -0,0 +1,43 @@ +Creates or modifies a group. +The `id` can be retrieved with from the `GET /api/v1/groups` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Click the row of the group you want to update or click dotted icon under the **Actions** column to open the menu options and click the **Manage** button. +3. Update the group's parameters. +4. Click the **Save** button to save the changes. + +### cURL Request + +The PUT cURL command updates a group. + +**To submit a cURL request:** + +* The `name` value is required. +* If one of the following resources is left unspecified, the resource value will be set to a wildcard `[*]`: `hosts`, `images`, `labels`, `containers`, `functions`, `namespaces`, `appIDs`, `accountIDs`, `codeRepos`, `clusters` + +The following cURL command updates `my-group` with the users associated with the usernames `john` and `jane`. + +**Note:** You can retrieve the group `id` names from the `GET /api/v1/groups`. + +```bash +$ curl 'https:///api/v1/groups/{id}' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "groupName": "my-group", + "user": [ + {"username": "john"}, + {"username": "jane"} + ], + "lastModified":"2021-03-11T23:32:51.336Z" +}' +``` + +You must include a `lastModified` timestamp even though it will be overwritten by the system + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/groups/names.md b/openapi-specs/compute/32-05/desc/groups/names.md new file mode 100644 index 000000000..80f34f536 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/groups/names.md @@ -0,0 +1,26 @@ +Retrieves a list of all group names as an array of strings. + +This endpoint maps to the table data on the **Manage > Authentication > Groups** Console UI page. + +### cURL Request + +Refer to the following example cURL command that retrieves all the system groups: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/groups/names +``` + +A sample output would look similar to this: + +```json +[ + "admins", + "secops", + "devops", + "" +] +``` diff --git a/openapi-specs/compute/32-05/desc/groups/post.md b/openapi-specs/compute/32-05/desc/groups/post.md new file mode 100644 index 000000000..d0fc23a6d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/groups/post.md @@ -0,0 +1,33 @@ +Creates a group with users. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Add a collection using **+ Add group**. +3. Enter a group name and add at least one user. +3. Click the **Save** button. + +### cURL Request + +Refer to the following example cURL command that creates a new group named `my-group`: + +```bash +$ curl -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "groupName": "my-group", + "user": [ + {"username": "john"}, + {"username": "jane"} + ] +}' \ +'https:///api/v/groups' +``` +This group includes the users associated with the usernames `john` and `jane`. + +**Note:** You must use usernames that already exist in the system. + +No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/high-availability/get.md b/openapi-specs/compute/32-05/desc/high-availability/get.md new file mode 100644 index 000000000..a988d47ef --- /dev/null +++ b/openapi-specs/compute/32-05/desc/high-availability/get.md @@ -0,0 +1,11 @@ +Returns the status of high high availability. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https://:8083/api/v1/high-availability \ +``` diff --git a/openapi-specs/compute/32-05/desc/hosts/download_get.md b/openapi-specs/compute/32-05/desc/hosts/download_get.md new file mode 100644 index 000000000..ab691fb49 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/hosts/download_get.md @@ -0,0 +1,19 @@ +Downloads all host scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +**Note**: The query parameters `fields`, `complianceID` and `normalizedSeverity` are not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command that downloads all host scan reports to a CSV file called `hosts_report.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET -o hosts_report.csv \ + https:///api/v/hosts/download +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/hosts/evaluate_get.md b/openapi-specs/compute/32-05/desc/hosts/evaluate_get.md new file mode 100644 index 000000000..8f866d89a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/hosts/evaluate_get.md @@ -0,0 +1 @@ +Adds vulnerability data for the given host. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/hosts/filters_get.md b/openapi-specs/compute/32-05/desc/hosts/filters_get.md new file mode 100644 index 000000000..4bf6df5e6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/hosts/filters_get.md @@ -0,0 +1,11 @@ +Returns host filters such as distribution and host name. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/hosts/filters \ +``` diff --git a/openapi-specs/compute/32-05/desc/hosts/get.md b/openapi-specs/compute/32-05/desc/hosts/get.md new file mode 100644 index 000000000..d125c9d7b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/hosts/get.md @@ -0,0 +1,45 @@ +Retrieves all host scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the **Running hosts** table in **Monitor > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +Refer to the following available options for the `fields` query parameters: +* type +* hostname +* collections +* firewallProtection +* agentless +* stopped +* scanID +* err +* labels +* externalLabels +* clusters +* cloudMetadata +* ecsClusterName +* k8sClusterAddr +* vulnerabilityRiskScore +* complianceIssuesCount +* complianceRiskScore +* complianceDistribution +* vulnerabilityDistribution +* vulnerabilitiesCount +* osDistro +* distro +* osDistroRelease + +### cURL Request + +Refer to the following cURL command that retrieves all host scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/hosts +``` + +A successful response returns all host scan reports. diff --git a/openapi-specs/compute/32-05/desc/hosts/hosts.md b/openapi-specs/compute/32-05/desc/hosts/hosts.md new file mode 100644 index 000000000..c50ea307b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/hosts/hosts.md @@ -0,0 +1,4 @@ +Host scan reports. + +Prisma Cloud Compute scans the host machines in your container environment for CVEs and compliance issues. +Scan reports are generated for any host running Defender. diff --git a/openapi-specs/compute/32-05/desc/hosts/info_get.md b/openapi-specs/compute/32-05/desc/hosts/info_get.md new file mode 100644 index 000000000..be456b46b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/hosts/info_get.md @@ -0,0 +1,11 @@ +Returns minimal information that includes hostname, distro, distro-release, collections, clusters, and agentless about all deployed hosts. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/hosts/info +``` diff --git a/openapi-specs/compute/32-05/desc/hosts/scan_post.md b/openapi-specs/compute/32-05/desc/hosts/scan_post.md new file mode 100644 index 000000000..6b72cbfa3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/hosts/scan_post.md @@ -0,0 +1,10 @@ +Re-scan all hosts immediately. + +Refer to the following example command that forces Prisma Cloud Compute to re-scan all hosts: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/hosts/scan +``` diff --git a/openapi-specs/compute/32-05/desc/how_to_eval_console.md b/openapi-specs/compute/32-05/desc/how_to_eval_console.md new file mode 100644 index 000000000..33f19ce65 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/how_to_eval_console.md @@ -0,0 +1,35 @@ +All the example API commands in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +#### For SaaS Installations + +To find your `` path for a SaaS environment: + +1. Log into Console. +2. Navigate to **Compute** > **Manage** > **System** > **Downloads**. +3. You can find your `` path listed under **Path to Console**. Click **Copy** to quickly copy the path to your clipboard. + +console + + + +#### For Self-hosted Installations + +For self-hosted environments, the Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +* **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ``` + https://:8083 + ``` + +* **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ``` + https://:8083 + ``` diff --git a/openapi-specs/compute/32-05/desc/images/defender_layer_get.md b/openapi-specs/compute/32-05/desc/images/defender_layer_get.md new file mode 100644 index 000000000..1dfe3633d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/defender_layer_get.md @@ -0,0 +1,14 @@ +Returns the the Prisma Cloud Compute Defender in as a layer that can be used in an AWS Lambda implementation. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender_layer.zip \ + https:///api/v1/images/twistlock_defender_layer.zip +``` diff --git a/openapi-specs/compute/32-05/desc/images/defender_rasp_get.md b/openapi-specs/compute/32-05/desc/images/defender_rasp_get.md new file mode 100644 index 000000000..a8e145ff7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/defender_rasp_get.md @@ -0,0 +1,12 @@ +Returns the the Prisma Cloud Compute Defender as the RASP Defender + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender_rasp.tar.gz \ + https://:8083/api/v1/images/twistlock_defender_rasp.tar.gz +``` diff --git a/openapi-specs/compute/32-05/desc/images/download_get.md b/openapi-specs/compute/32-05/desc/images/download_get.md new file mode 100644 index 000000000..713114955 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/download_get.md @@ -0,0 +1,40 @@ +Downloads image scan reports in CSV format. + +This endpoint maps to **Monitor > Compliance > Images > Deployed** in the Console UI. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + +### cURL Request + +Refer to the following cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images/download" \ + > images.csv +``` + +Refer to the following example cURL command that might be useful for developers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images/download?id={id}&layers=true" \ + > images.csv +``` +where an example `{id}` is `sha256:abd4f451ddb707c8e68a36d695456a515cdd6f9581b7a8348a380030a6fd7689`. + +It takes an image ID as the input parameter, and generates a CSV file that lists all vulnerable packages in a given image, organized by layer, with both the affected and fixed versions. + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/images/evaluate_get.md b/openapi-specs/compute/32-05/desc/images/evaluate_get.md new file mode 100644 index 000000000..a0df77215 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/evaluate_get.md @@ -0,0 +1 @@ +Adds vulnerability data for the given images. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/images/get.md b/openapi-specs/compute/32-05/desc/images/get.md new file mode 100644 index 000000000..6c82341b6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/get.md @@ -0,0 +1,50 @@ +Retrieves image scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the image table in **Monitor > Compliance > Images > Deployed** in the Console UI. + +> _**Note:**_ The `image` object of the response was created for internal use of Prisma Cloud Compute for image scanning and analysis. Therefore, its inner fields are not saved in the database and will return empty in the endpoint response. You can get some of its values, such as `labels` and `history`, from the main structure of the response. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag +### cURL Request + +Refer to the following cURL command that retrieves a compact scan report for all images: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images" +``` + +Refer to the following cURL command that retrieves a compact scan report for an Ubuntu image: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images?name=https:///ubuntu:latest&compact=true" +``` +The name query is synonymous with the filter images text field in the Console UI. + +Refer to the following cURL command that retrieves the scan report for an image with the matching SHA-256 hash: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images?id=sha256:d461f1845c43105d7d686a9cfca9d73b0272b1dcd0381bf105276c978cb02832" +``` + +A successful response returns the image scan reports. diff --git a/openapi-specs/compute/32-05/desc/images/images.md b/openapi-specs/compute/32-05/desc/images/images.md new file mode 100644 index 000000000..49b429bab --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/images.md @@ -0,0 +1,3 @@ +Image scan reports. + +Note that the compliance issues in an image might be different (fewer) than those in a running instance of the image (a container). diff --git a/openapi-specs/compute/32-05/desc/images/names_get.md b/openapi-specs/compute/32-05/desc/images/names_get.md new file mode 100644 index 000000000..3db6f5429 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/names_get.md @@ -0,0 +1,13 @@ +Returns an array of strings containing image names. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/images/names +``` diff --git a/openapi-specs/compute/32-05/desc/images/scan_post.md b/openapi-specs/compute/32-05/desc/images/scan_post.md new file mode 100644 index 000000000..8d802727a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all images immediately. This endpoint returns the time that the scans were initiated. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan all images: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/images/scan +``` diff --git a/openapi-specs/compute/32-05/desc/images/twistlock_defender_app_embedded_tar_gz_get.md b/openapi-specs/compute/32-05/desc/images/twistlock_defender_app_embedded_tar_gz_get.md new file mode 100644 index 000000000..618d35c93 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/twistlock_defender_app_embedded_tar_gz_get.md @@ -0,0 +1 @@ +Generates the embedded defender bundle and serves it to the user. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/images/twistlock_defender_layer_zip_post.md b/openapi-specs/compute/32-05/desc/images/twistlock_defender_layer_zip_post.md new file mode 100644 index 000000000..64c3cccc2 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/twistlock_defender_layer_zip_post.md @@ -0,0 +1 @@ +Returns a ZIP file with a Lambda layer containing the Defender runtime. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/images/twistlock_defender_tar_gz_get.md b/openapi-specs/compute/32-05/desc/images/twistlock_defender_tar_gz_get.md new file mode 100644 index 000000000..7852e12ba --- /dev/null +++ b/openapi-specs/compute/32-05/desc/images/twistlock_defender_tar_gz_get.md @@ -0,0 +1,9 @@ +Download the Container Defender image for Linux platforms. + +```bash +$ curl -k \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender.tar.gz \ + https://:8083/api/v1/images/twistlock_defender.tar.gz +``` diff --git a/openapi-specs/compute/32-05/desc/intro.md b/openapi-specs/compute/32-05/desc/intro.md new file mode 100644 index 000000000..9038a3734 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/intro.md @@ -0,0 +1,92 @@ +# How to evaluate + +All the example API commands in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +## For SaaS Installations + +To find your `` path for a SaaS environment: + +1. Log into Console. +2. Navigate to **Compute** > **Manage** > **System** > **Downloads**. +3. You can find your `` path listed under **Path to Console**. Click **Copy** to quickly copy the path to your clipboard. + +console + + + +## For Self-hosted Installations + +For self-hosted environments, the Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +* **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ``` + https://:8083 + ``` + +* **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ``` + https://:8083 + ``` + +# Using the curl example commands + + +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL can be modified to use any of the following: + +* **Authentication Token:** Use the `-H` option to pass the authentication token from the `/api/v1/authenticate` endpoint into the request header. + +For example, replace `` with the token from the `/api/v1/authenticate` endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/v1/ +``` + +* **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/v1/ +``` + +* **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/v1/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. + + +# API restrictions + + +Paginated API requests are capped to a max of 50 returned objects because very large responses could DoS Console. + +If the response contains more than 50 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. +For example: + +``` +https:///api/v1/images?limit=50&offset=X +``` diff --git a/openapi-specs/compute/32-05/desc/kubernetes/kubernetes.md b/openapi-specs/compute/32-05/desc/kubernetes/kubernetes.md new file mode 100644 index 000000000..cbc430983 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/kubernetes/kubernetes.md @@ -0,0 +1 @@ +Kubernetes diff --git a/openapi-specs/compute/32-05/desc/kubernetes/scan_post.md b/openapi-specs/compute/32-05/desc/kubernetes/scan_post.md new file mode 100644 index 000000000..15d614c1a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/kubernetes/scan_post.md @@ -0,0 +1,11 @@ +This endpoint will trigger a Kubernetes scan. + +The following example curl command uses basic auth to initiate this scan: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/kubernetes/scan +``` diff --git a/openapi-specs/compute/32-05/desc/logs/console_get.md b/openapi-specs/compute/32-05/desc/logs/console_get.md new file mode 100644 index 000000000..80ece6611 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/logs/console_get.md @@ -0,0 +1,11 @@ +Retrieves the latest Console log messages. + +The following example curl command retrieves the 10 latest Console log messages: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/logs/console?lines=10 +``` diff --git a/openapi-specs/compute/32-05/desc/logs/defender_download_get.md b/openapi-specs/compute/32-05/desc/logs/defender_download_get.md new file mode 100644 index 000000000..5d6718db0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/logs/defender_download_get.md @@ -0,0 +1,14 @@ +This endpoint will return the defender logs with `tar.gz` file extension given the hostname of the defender. + +The hostname can be returned from the endpoint `/defenders/names` + +The following example curl command uses basic auth to download the logs: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender_logs.tar.gz + https://:8083/api/v1/logs/defender/download?hostname={hostname} +``` diff --git a/openapi-specs/compute/32-05/desc/logs/defender_get.md b/openapi-specs/compute/32-05/desc/logs/defender_get.md new file mode 100644 index 000000000..1e733a746 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/logs/defender_get.md @@ -0,0 +1,15 @@ +Retrieves the latest log messages for a given Defender. +The Defender is specified by the host where it runs. +You can retrieve the hostname for each Defender from the `GET /api/v1/defenders` endpoint. + +The following example curl command retrieves the 10 log messages for the Defender that runs on `worker.sandbox.internal`. +Note that you must quote the URL when running the following command. +Otherwise the shell misinterprets the ampersand (`&`) as the end of the command, and puts the curl command in the background. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/logs/defender?lines=10&hostname=worker.sandbox.internal" +``` diff --git a/openapi-specs/compute/32-05/desc/logs/logs.md b/openapi-specs/compute/32-05/desc/logs/logs.md new file mode 100644 index 000000000..62129734e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/logs/logs.md @@ -0,0 +1 @@ +Retrieve log messages from Console and Defender. diff --git a/openapi-specs/compute/32-05/desc/logs/system_download_get.md b/openapi-specs/compute/32-05/desc/logs/system_download_get.md new file mode 100644 index 000000000..1e5b5b873 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/logs/system_download_get.md @@ -0,0 +1,13 @@ +This endpoint will return the system debug logs with `tar.gz` file extension. + + +The following example curl command uses basic auth to download the logs: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o {file_name}.tar.gz + https://:8083/api/v1/logs/system/download +``` diff --git a/openapi-specs/compute/32-05/desc/pcf-droplets/addresses_get.md b/openapi-specs/compute/32-05/desc/pcf-droplets/addresses_get.md new file mode 100644 index 000000000..257a47455 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/pcf-droplets/addresses_get.md @@ -0,0 +1,13 @@ +This endpoint will return the cloud controller addresses configured for PCF Blobstore scanning. + +You can also add optional query parameters to this API call, in this example `cloudControllerAddresses` and/or `id` + +The following example curl command retrieves the list of addresses: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/pcf-droplets/addresses?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` diff --git a/openapi-specs/compute/32-05/desc/pcf-droplets/download_get.md b/openapi-specs/compute/32-05/desc/pcf-droplets/download_get.md new file mode 100644 index 000000000..ad761e744 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/pcf-droplets/download_get.md @@ -0,0 +1,13 @@ +This endpoint will download the list of configured cloud controller addresses configured for PCF Blobstore scanning. + +The following example curl command retrieves the list of addresses and outputs it to a file call `PCF_blobstores.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o PCF_blobstores.csv + "https://:8083/api/v1/pcf-droplets/download?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` + diff --git a/openapi-specs/compute/32-05/desc/pcf-droplets/get.md b/openapi-specs/compute/32-05/desc/pcf-droplets/get.md new file mode 100644 index 000000000..930d16948 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/pcf-droplets/get.md @@ -0,0 +1,11 @@ +This endpoint will return the full metadata of PCF blobstore from page **Monitor > Vulnerabilities > PCF** within the Console. + +The following example curl command will retrieve this: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/pcf-droplets?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` diff --git a/openapi-specs/compute/32-05/desc/pcf-droplets/pcf-droplets.md b/openapi-specs/compute/32-05/desc/pcf-droplets/pcf-droplets.md new file mode 100644 index 000000000..0719fcaf5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/pcf-droplets/pcf-droplets.md @@ -0,0 +1,3 @@ +Scan reports for the VMWare Tanzu Application Service (TAS) droplets in your blobstore(s). +Droplets are archives that contain ready to run applications. +They contain an OS stack, a buildpack (which contains the languages, libraries, and services used by the app), and custom app code. diff --git a/openapi-specs/compute/32-05/desc/pcf-droplets/scan_post.md b/openapi-specs/compute/32-05/desc/pcf-droplets/scan_post.md new file mode 100644 index 000000000..34e75b26c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/pcf-droplets/scan_post.md @@ -0,0 +1,11 @@ +This endpoint will kick off a scan of the any PCF Blobstores you have configured. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/pcf-droplets/scan +``` diff --git a/openapi-specs/compute/32-05/desc/pcf-droplets/stop_post.md b/openapi-specs/compute/32-05/desc/pcf-droplets/stop_post.md new file mode 100644 index 000000000..94c376972 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/pcf-droplets/stop_post.md @@ -0,0 +1,11 @@ +This endpoint will instruct the PFC Defenders to stop scanning. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/pcf-droplets/stop +``` diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_ci_images_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_ci_images_get.md new file mode 100644 index 000000000..f97130a97 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_ci_images_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for images scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Containers and images > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/ci/images' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_ci_images_put.md b/openapi-specs/compute/32-05/desc/policies/compliance_ci_images_put.md new file mode 100644 index 000000000..294add6f6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_ci_images_put.md @@ -0,0 +1,58 @@ +Updates the compliance policy for images scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Compliance > Containers and images > CI** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and the `effect`. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Containers and images > CI** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/images' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 41, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciImagesCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + + + diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_ci_serverless_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_ci_serverless_get.md new file mode 100644 index 000000000..59195f070 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_ci_serverless_get.md @@ -0,0 +1,19 @@ +Retrieves the compliance policy for serverless functions built in your Continuous Integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/policies/compliance/ci/serverless +``` + +A successful response contains a list of compliance rules in the policy. + diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_ci_serverless_put.md b/openapi-specs/compute/32-05/desc/policies/compliance_ci_serverless_put.md new file mode 100644 index 000000000..b25c34aae --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_ci_serverless_put.md @@ -0,0 +1,50 @@ +Updates the compliance policy for serverless functions built in your Continuous Integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > CI** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Functions > CI** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 436, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciServerlessCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_container_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_container_get.md new file mode 100644 index 000000000..7f10245ea --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_container_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for running containers. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Containers and images > Deployed** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/container' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_container_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_container_impacted_get.md new file mode 100644 index 000000000..607bfa3c8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_container_impacted_get.md @@ -0,0 +1,21 @@ +Lists the containers caught by your compliance policy on a per-rule basis. +These rule names can be found from the `name` variable in the response from a `GET` on the basic policies/compliance endpoint. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Compliance > Containers and images > Deployed**. +* In the **Compliance rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of containers captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/policies/compliance/container/impacted?ruleName=' +``` + +A successful response contains a list of impacted containers by a rule within the context of the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_container_put.md b/openapi-specs/compute/32-05/desc/policies/compliance_container_put.md new file mode 100644 index 000000000..2e9616ea0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_container_put.md @@ -0,0 +1,49 @@ +Updates the compliance policy for running containers. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Containers and images > Deployed** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Containers and images > Deployed** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 531, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType":"containerCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_host_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_host_get.md new file mode 100755 index 000000000..c029ecf7f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_host_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Hosts > Running hosts** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/host' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_host_put.md b/openapi-specs/compute/32-05/desc/policies/compliance_host_put.md new file mode 100755 index 000000000..9b1e4ce75 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_host_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > Running hosts** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Hosts > Running Hosts** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer tp the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":6151, + "block":false + } + ] + } + } + ], + "policyType":"hostCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_serverless_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_serverless_get.md new file mode 100755 index 000000000..c7de886c1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_serverless_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for serverless functions situated in your cloud provider's infrastructure. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Functions > Functions** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/serverless' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_serverless_put.md b/openapi-specs/compute/32-05/desc/policies/compliance_serverless_put.md new file mode 100755 index 000000000..ea44d297e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_serverless_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for serverless functions situated in your cloud provider's infrastructure. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > Functions** in the Console UI. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Functions > Functions** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +```bash +$ curl 'https:///api/v/policies/compliance/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":434, + "block":false + } + ] + } + } + ], + "policyType":"serverlessCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_vms_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_vms_get.md new file mode 100755 index 000000000..f7d7e1a49 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_vms_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for VM images scanned in your cloud accounts. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > VM images** in the Console UI. + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/vms' +``` + +A successful response returns a list of compliance rules in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_vms_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/compliance_vms_impacted_get.md new file mode 100644 index 000000000..9cf5b9d03 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_vms_impacted_get.md @@ -0,0 +1,16 @@ +Retrieves a list of all resources a compliance rule impacts. +These rule names can be found from the `name` variable in the response from a `GET` on the basic policies/compliance endpoint. + +Use query parameters to retrieve the list of impacted resources by *account ID*, *rule name*, or *collection*. + +### cURL Request + +Refer to the following example cURL command, which retrieves a list of impacted resources: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/policies/compliance/vms/impacted" +``` diff --git a/openapi-specs/compute/32-05/desc/policies/compliance_vms_put.md b/openapi-specs/compute/32-05/desc/policies/compliance_vms_put.md new file mode 100755 index 000000000..f38b1c61f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/compliance_vms_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for VM images scanned in your cloud accounts. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > VM images** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Hosts > VM images** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +```bash +$ curl 'https:///api/v/policies/compliance/vms' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":6151, + "block":false + } + ] + } + } + ], + "policyType":"vmCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/docker_get.md b/openapi-specs/compute/32-05/desc/policies/docker_get.md new file mode 100644 index 000000000..f56872c67 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/docker_get.md @@ -0,0 +1,11 @@ +Retrieves a list of all access control rules for Docker Engine commands. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/docker +``` diff --git a/openapi-specs/compute/32-05/desc/policies/docker_put.md b/openapi-specs/compute/32-05/desc/policies/docker_put.md new file mode 100644 index 000000000..860e2bb1e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/docker_put.md @@ -0,0 +1,33 @@ +Updates all Docker Engine access control rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove Docker access control rules is: + +1. Get all Docker access control rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/docker \ + | jq '.' > docker_access_control_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `docker_access_control_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/docker \ + --data-binary "@docker_access_control_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app-embedded_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app-embedded_get.md new file mode 100644 index 000000000..3da2a7cd6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app-embedded_get.md @@ -0,0 +1,18 @@ +Retrieves the WAAS policy for web apps protected by App-Embedded Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > App-Embedded** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/app-embedded' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app-embedded_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app-embedded_put.md new file mode 100644 index 000000000..a74e1169e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app-embedded_put.md @@ -0,0 +1,200 @@ +Updates the WAAS policy for web apps protected by App-Embedded Defender. +All rules in the policy are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > App-Embedded**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/firewall/app/app-embedded' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +' +{ + "_id":"appEmbeddedAppFirewall", + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + + }, + "dosConfig":{ + "effect":"disable", + "matchConditions":[ + + ] + }, + "apiSpec":{ + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":1, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "paths":[ + { + "path":"/api/v1/logs/system/upload", + "methods":[ + { + "method":"POST" + } + ] + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + + ], + "allowedExtensions":[ + + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"prevent", + "exceptionFields":[ + + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "remoteHostForwarding":{ + + }, + "selected":true, + "headerSpecs":[ + + ] + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_get.md new file mode 100644 index 000000000..887614486 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_get.md @@ -0,0 +1 @@ + Returns the Agentless application firewall policy \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_impacted_get.md new file mode 100644 index 000000000..382221d77 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_impacted_get.md @@ -0,0 +1 @@ +Returns a list of mirrored VMs for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_put.md new file mode 100644 index 000000000..6fc8a0a16 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_put.md @@ -0,0 +1 @@ +Sets the Agentless WAAS policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_resources_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_resources_get.md new file mode 100644 index 000000000..e8165f2b9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_resources_get.md @@ -0,0 +1 @@ + Returns the WAAS VPC configuration resources. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_state_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_state_get.md new file mode 100644 index 000000000..968086a90 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_agentless_state_get.md @@ -0,0 +1 @@ +Returns the state for the Agentless app firewall policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_apispec_post.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_apispec_post.md new file mode 100644 index 000000000..e4648a6c8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_apispec_post.md @@ -0,0 +1,112 @@ +Resolves the endpoints defined in an OpenAPI/Swagger specification and returns a `waas.APISpec` object. + +The `waas.APISpec` object can be included in the body of a subsequent call to the `PUT api/v1/policies/firewall/app/app-embedded` endpoint to define an app that WAAS monitors and protects. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > App-Embedded** page. +2. Click **Add rule**. +3. Enter the details for the new rule and click **Add new app**. +4. On the **App definition** tab, click the **Import** button and select an OpenAPI/Swagger specification file. + +**Note:** You can use a YAML or JSON format for the OpenAPI/Swagger specification. + +### cURL Request + +Refer to the following example cURL command that imports an API from an OpenAPI/Swagger specification: + +```bash +$ curl 'https:///api/v/policies/firewall/app/apispec' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "swagger": "2.0", + "info": { + "version": "2021.7.28", + "title": "Book API", + "description": "A simple API for books.", + "contact": { + "name": "John Smith", + "email": "test.email@email.com", + "url": "http://mywebsite.com" + }, + "license": { + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" + } + }, + "host": "api.mywebsite.com", + "basePath": "/api", + "schemes": [ + "http" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/books": { + "get": { + "description": "Returns a list of books.", + "operationId": "findBooks", + "responses": { + "200": { + "description": "Success response", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/Book" + } + } + }, + "default": { + "description": "unexpected error", + "schema": { + "$ref": "#/definitions/Error" + } + } + } + } + } + }, + "definitions": { + "Book": { + "allOf": [ + { + "required": [ + "id" + ], + "properties": { + "id": { + "type": "integer", + "format": "int64" + } + } + } + ] + }, + "Error": { + "required": [ + "code", + "message" + ], + "properties": { + "code": { + "type": "integer", + "format": "int32" + }, + "message": { + "type": "string" + } + } + } + } +}' +``` + +A successful response returns a `waas.APISpec` object containing the API specification that was imported. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_container_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_container_get.md new file mode 100644 index 000000000..3b8c157fa --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_container_get.md @@ -0,0 +1,17 @@ +Retrieves the WAAS policy for containers. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Container** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/container' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_container_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_container_impacted_get.md new file mode 100644 index 000000000..cce179f4f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_container_impacted_get.md @@ -0,0 +1 @@ +Returns a list of containers for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_container_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_container_put.md new file mode 100644 index 000000000..56a794cc7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_container_put.md @@ -0,0 +1,202 @@ +Updates the WAAS policy for containers. +All rules are updated in a single shot. + +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > Container**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command that overwrites all applications rules with a single rule. + +``` +$ curl 'https:///api/v/policies/firewall/app/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +' +{ + "_id":"appEmbeddedAppFirewall", + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + + }, + "dosConfig":{ + "effect":"disable", + "matchConditions":[ + + ] + }, + "apiSpec":{ + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":1, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "paths":[ + { + "path":"/api/v1/logs/system/upload", + "methods":[ + { + "method":"POST" + } + ] + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + + ], + "allowedExtensions":[ + + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"prevent", + "exceptionFields":[ + + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "remoteHostForwarding":{ + + }, + "selected":true, + "headerSpecs":[ + + ] + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_host_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_host_get.md new file mode 100644 index 000000000..adb90128a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_host_get.md @@ -0,0 +1,18 @@ +Retrieves the WAAS policy for hosts. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Host** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/host' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_host_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_host_impacted_get.md new file mode 100644 index 000000000..494518511 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_host_impacted_get.md @@ -0,0 +1 @@ +Returns a list of hosts for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_host_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_host_put.md new file mode 100644 index 000000000..bb3aa36fa --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_host_put.md @@ -0,0 +1,173 @@ +Updates the WAAS policy for hosts. +All rules in the policy are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > Host**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/firewall/app/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"hostAppFirewall", + "rules":[ + { + "name":"My Rule", + "notes":"My Notes 4", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + "encrypted":"" + }, + "dosConfig":{ + "effect":"disable" + }, + "apiSpec":{ + "description":"test", + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":0, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + ], + "allowedExtensions":[ + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "remoteHostForwarding":{ + } + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_get.md new file mode 100644 index 000000000..13f7fb450 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_get.md @@ -0,0 +1,20 @@ +Retrieves a list of all WAAS network lists. +Network lists are groups or related IPv4 addresses and CIDR blocks used in WAAS policy rules. + +This endpoint is typically called as part of a process to programmatically update network lists based on new threat intelligence. +For example: add, update, or delete IP addresses. + +This endpoint maps to **Defend > WAAS > Network lists** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/network-list' +``` + +A successful response returns the lists of IPv4 addresses/IP CIDR blocks for networks in WAAS. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_id_delete.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_id_delete.md new file mode 100644 index 000000000..4aba76dd8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_id_delete.md @@ -0,0 +1,23 @@ +Deletes an existing WAAS network list. + +This endpoint is typically called to programmatically delete a network list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Locate an existing list in the table to delete and click the trash icon under the **Actions** columns. +3. Click **Delete Network List** to confirm the deletion. + +### cURL Request + +Refer to the following example cURL command that deletes a new network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list/{id}' \ + -k \ + -X DELETE \ + -u \ + -H 'Content-Type: application/json' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_post.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_post.md new file mode 100644 index 000000000..0ebd39dcf --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_post.md @@ -0,0 +1,31 @@ +Creates a new WAAS network list. + +This endpoint is typically called to programmatically create a list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Click **+ Add new network list**. +3. Enter the details for the new network list and click **Save Network List** + +### cURL Request + +Refer to the following example cURL command that adds a new network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"{id}", + "subnets":[ + "192.145.2.3", + "192.167.2.2" + ] +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_put.md new file mode 100644 index 000000000..68fdc558b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_network_list_put.md @@ -0,0 +1,31 @@ +Updates an existing WAAS network list. + +This endpoint is typically called to programmatically update a network list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Click on an existing list in the table and update the list as required. +3. Click **Update Network List** to save the changes. + +### cURL Request + +Refer to the following example cURL command that updates a network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"{id}", + "subnets":[ + "192.145.3.3", + "192.167.3.2" + ] +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_get.md new file mode 100644 index 000000000..d4f72d041 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_get.md @@ -0,0 +1,18 @@ +Discovers and detects the HTTP traffic for an existing WAAS out of band custom rule. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/out-of-band' +``` + +A successful response returns a list of rules in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_impacted_get.md new file mode 100644 index 000000000..25d2c6691 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_impacted_get.md @@ -0,0 +1,17 @@ +Discovers and detects the impacted resources for the HTTP traffic in an existing WAAS out of band custom rule. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/out-of-band/impacted' +``` + +A successful response returns a list of impacted resources in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_put.md new file mode 100644 index 000000000..4e8445660 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_out-of-band_put.md @@ -0,0 +1,30 @@ +Updates or edits a WAAS custom rule for out of band traffic. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/firewall/app/out-of-band' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"disable", + "collections":[ + { + "name":"All" + } + ], + } + ], +}' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_rasp_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_rasp_get.md new file mode 100644 index 000000000..15d481cf3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_rasp_get.md @@ -0,0 +1,7 @@ +Retrieves a list of all application firewall (CNAF) rules for RASP. + +``` +$ curl -k \ + -u \ + https://:8083/api/v1/policies/firewall/app/rasp +``` diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_rasp_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_rasp_put.md new file mode 100644 index 000000000..04ba86483 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_rasp_put.md @@ -0,0 +1,33 @@ +Updates all application firewall (CNAF for RASP) rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/firewall/app/rasp \ + | jq '.' > app_firewall_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `app_firewall_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/firewall/app/rasp \ + --data-binary "@app_firewall_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_serverless_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_serverless_get.md new file mode 100644 index 000000000..d19e909f3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_serverless_get.md @@ -0,0 +1,16 @@ +Retrieves a list of all WAAS policy rules for serverless functions. + +This endpoint maps to **Defend > WAAS > Serverless** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/serverless' +``` + +A successful response returns a list of firewall rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_app_serverless_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_app_serverless_put.md new file mode 100644 index 000000000..16ae54210 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_app_serverless_put.md @@ -0,0 +1,82 @@ +Updates the WAAS policy for serverless functions. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Serverless** page. +2. Click **+ Add rule**. +3. Enter the details for the new serverless function and click **Save** + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/firewall/app/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id": "serverlessAppFirewall", + "rules": [ + { + "name": "{id}", + "previousName": "", + "collections": [ + { + "hosts": ["*"], + "images": ["*"], + "labels": ["*"], + "containers": ["*"], + "functions": ["*"], + "namespaces": ["*"], + "appIDs": ["*"], + "accountIDs": ["*"], + "codeRepos": ["*"], + "clusters": ["*"], + "name": "All" + } + ], + "applicationsSpec": [ + { + "xss": { + "effect": "alert", + "exceptionFields": [] + }, + "codeInjection": { + "effect": "alert", + "exceptionFields": [] + }, + "sqli": { + "effect": "alert", + "exceptionFields": [] + }, + "lfi": { + "effect": "alert", + "exceptionFields": [] + }, + "cmdi": { + "effect": "alert", + "exceptionFields": [] + }, + "body": { + "inspectionSizeBytes": 131072 + } + } + ] + } + ], + "minPort": 0, + "maxPort": 0 +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_network_container_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_network_container_get.md new file mode 100644 index 000000000..3f1343b53 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_network_container_get.md @@ -0,0 +1,12 @@ +Retrieves a list of all CNNS container and host rules. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/policies/firewall/network" +``` diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_network_container_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_network_container_put.md new file mode 100644 index 000000000..fd9263430 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_network_container_put.md @@ -0,0 +1,37 @@ +Updates all container and host CNNS rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all rules using the GET endpoint. + + ### cURL Request + Refer to the following example cURL command that retrieves a list of all rules, pretty-print the JSON response, and save the results to a file: + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + -o \ + "https:///api/v/policies/firewall/network/container" + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + ### cURL Request + Refer to the following example cURL command that installs the rules defined in your `network_firewall_rules.json` file. + Do not forget to specify the `@` symbol. + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + --data-binary "@network_firewall_rules.json" \ + "https:///api/v/policies/firewall/network/container" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_network_entities_get.md b/openapi-specs/compute/32-05/desc/policies/firewall_network_entities_get.md new file mode 100644 index 000000000..757121f70 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_network_entities_get.md @@ -0,0 +1,9 @@ +Retrieves a list of all CNNF network objects. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/policies/firewall/network/entities +``` diff --git a/openapi-specs/compute/32-05/desc/policies/firewall_network_entities_put.md b/openapi-specs/compute/32-05/desc/policies/firewall_network_entities_put.md new file mode 100644 index 000000000..83c023286 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/firewall_network_entities_put.md @@ -0,0 +1,17 @@ +Updates the list of CNNF network objects. + +The following example curl command updates the network objects. There is an example of all three types (images,subnets, and applications ): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'[ + {"_id":"Ubuntu","type":"container","resource":{"images":["ubuntu:latest"],"labels":["*"]}}, + {"_id":"Google DNS","type":"subnet","resource":{"labels":["*"]},"subnets":[{"name":"8.8.8.8/24","cidr":"8.8.8.8/24"}]}, + {"_id":"SSH","type":"appID","resource":{"appIDs":["ssh"]},"subnets":[]} +]' \ + https://:8083/api/v1/policies/firewall/network/entities +``` diff --git a/openapi-specs/compute/32-05/desc/policies/policies.md b/openapi-specs/compute/32-05/desc/policies/policies.md new file mode 100644 index 000000000..69768c03d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/policies.md @@ -0,0 +1,186 @@ +Policies are sets of ordered rules. +[Rule order](https://docs.twistlock.com/docs/latest/configure/rule_ordering_pattern_matching.html) determines how a policy is evaluated. + +You can manage your rules and policies programmatically using the policy API endpoints. + +For more information about policy endpoints, see: + +* [How to Add / Update Policy Rules](#how-to-add--update-policy-rules) +* [How to Delete Policy Rules](#how-to-delete-policy-rules) +* [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) + + +### How to Add / Update Policy Rules + +All of the `PUT /api/vVERSION/policies/*` endpoints work similarly. + +To add, edit, or remove vulnerability rules from a policy: + +1. Retrieve the entire policy, which includes all the vulnerability rules using the `GET` endpoint. + + For example, the following cURL command uses basic auth to retrieve a list of all image vulnerability rules, pretty-prints the JSON response, and saves the results to a `vulnerability_rules.json` file. + + ```bash + $ curl -k \ + -u \ + https:///api/v1/policies/runtime/host \ + | jq '.' > vulnerability_rules.json + ``` + +2. Modify the saved JSON with the updates, including any new rule insertions. **Note:** Rule order is important. + +3. Update the rules by pushing the new JSON payload into the `PUT` endpoint. + + For example, the following cURL command installs the rules defined in your `vulnerability_rules.json` file. + + **Note:** Remember to specify the `@` symbol. + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + 'https:///api/v/policies/runtime/host \ + --data-binary "@vulnerability_rules.json"' + ``` + +Any previously installed rules are overwritten. + +#### Minimum Rule Parameters + +To create or update a rule, specify the following: + +* Rule name +* At least 1 collection specifying a collection name (at minimum) +* A block threshold (optional, but recommended) +* An alert threshold (optional, but recommended) + +For example, to replace all the vulnerability rules for CI image deployments: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/images?project=' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + } + ], + "policyType": "ciImagesVulnerability" +}' +``` + +**Note:** The default alert threshold of `Low` is typically too broad and not actionable. Usually you'll want to specify a threshold of `Critical` or `High`. + +##### Referencing Collections by Name + +You can reference a collection by its name when creating / updating a rule. +If the collection name exists in Console, the remaining resource fields for the collection will automatically be filled in. + +**Note:** The referenced collections *must* exist prior to creating / updating rules, or the API will not add / update your rules. + +In Console, the default collection is `All`. +`All` is a collection created by the system when the software is installed / upgraded. +When using the API, you can specify `All` as the `` to apply the default collection. + +### How to Delete Policy Rules + +In general, the policy endpoints don't have `DELETE` methods. +Use the `PUT` method to delete all rules by submitting an empty JSON object. + +For example, to delete all host runtime rules: + +``` +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{}' \ + https:///api/v1/policies/runtime/host +``` + +### How to Construct a Compliance Policy + +To construct an effective rule for a compliance policy: + +1. Specify at least one "check" in the `condition.vulnerabilities` object. +A check is a security best practice or baseline setting which will be validated by the scanner. + +2. Specify an action for each check. +Prisma Cloud needs to know what to do when a check fails (for example, alert or block). + +3. In the `effect` parameter, specify the range of possible actions configured in the rule. +The value in `effect` a comma-separated list. + + For example, in a one-check rule, the effect could be `alert` or in a two-check rule, the effect could be `alert, fail`. + + See [Actions for failed checks](#actions-for-failed-checks) for more info. + +The following curl command creates a single rule compliance policy for container images scanned in the CI pipeline: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/images' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 41, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciImagesCompliance" +}' +``` + +#### Actions for failed checks + +To configure Prisma Cloud to run a check, add the check to your rule in the `condition.vulnerabilities` object. +For each check, specify the action to take if the check fails. +Actions are set on a per-check basis in `condition.vulnerabilities[X].block`, where: + +Effect |`condition.vulnerabilities[X].block` +---|--- +`alert`|`false` +`fail`|`true` + +The `ignore` effect is set implicitly for any check *not* explicitly included in the `condition.vulnerabilities[X]` array. + +The `effect` parameter is a helper for the Console UI and has no impact on the policy itself. +However, we recommend you specify an `effect` parameter for each rule, to ensure the policy table in the Console UI renders properly. + +In the UI, these are convenience strings which enable you to quickly review the policy table and see the effect of each rule. +For example, you may want to quickly find the rule that's failing/blocking your build in the CI pipeline. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_get.md b/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_get.md new file mode 100755 index 000000000..fcf0ba8b9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for apps protected by App-Embedded Defenders. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/app-embedded' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_post.md b/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_post.md new file mode 100644 index 000000000..7b4b50ab7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_post.md @@ -0,0 +1,56 @@ +Adds a runtime policy for app-embedded deployments. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +The following cURL command adds a single rule to your policy. + +```bash +$ curl 'https:///api/v/policies/runtime/app-embedded' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert", + "blacklistIPs":[ + ], + "blacklistListeningPorts":[ + ], + "whitelistListeningPorts":[ + ], + "blacklistOutboundPorts":[ + ], + "whitelistOutboundPorts":[ + { + "start":4312, + "end":4555, + "deny":false + } + ], + "whitelistIPs":[ + ] + }, + "dns":{ + "effect":"prevent", + "whitelist":[ + ], + "blacklist":[ + ] + } +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_put.md b/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_put.md new file mode 100644 index 000000000..e0ba70599 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_app-embedded_put.md @@ -0,0 +1,40 @@ +Updates the runtime policy for app-embedded deployments. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/runtime/app-embedded' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert" + }, + "dns":{ + "effect":"alert" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_container_get.md b/openapi-specs/compute/32-05/desc/policies/runtime_container_get.md new file mode 100644 index 000000000..f1b50b727 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_container_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for containers protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Container policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/container' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_container_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/runtime_container_impacted_get.md new file mode 100644 index 000000000..195f75547 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_container_impacted_get.md @@ -0,0 +1,25 @@ +Returns the impacted images based on a given rule +In the Console UI, you can see how it works by going to the **Defend > Runtime > Container policy** page and clicking the **Show** link. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/container/impacted?ruleName={ruleName}' +``` + +For additional help with your `ruleName`: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + --data-urlencode 'ruleName=Default - alert on suspicious runtime behavior' \ + 'https:///api/v/policies/runtime/container/impacted' +``` diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_container_post.md b/openapi-specs/compute/32-05/desc/policies/runtime_container_post.md new file mode 100644 index 000000000..aee338386 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_container_post.md @@ -0,0 +1,49 @@ +Updates the runtime policy for containers. +All rules in the policy are updated in a single shot. + +Prisma Cloud automatically builds allow-list security models for each container image in your environment. +Use runtime container rules to augment the rules in those models. +Manually defined rules augment learned models as follows: + +Policy (allowed) = Manual rules (explicitly allowed) + Model (all learned behavior) - Manual rules (explicitly denied) + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Container policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert" + }, + "dns":{ + "effect":"alert" + }, + "filesystem":{ + "effect":"alert" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_container_put.md b/openapi-specs/compute/32-05/desc/policies/runtime_container_put.md new file mode 100644 index 000000000..7d5cfc6db --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_container_put.md @@ -0,0 +1 @@ +Sets the given runtime policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_host_get.md b/openapi-specs/compute/32-05/desc/policies/runtime_host_get.md new file mode 100644 index 000000000..38800596c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_host_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Host policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/host' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_host_post.md b/openapi-specs/compute/32-05/desc/policies/runtime_host_post.md new file mode 100644 index 000000000..fb3c78dcf --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_host_post.md @@ -0,0 +1,41 @@ +Updates the runtime policy for hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Host policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "advancedProtection":"alert", + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"disable" + }, + "dns":{ + "effect":"disable" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_host_put.md b/openapi-specs/compute/32-05/desc/policies/runtime_host_put.md new file mode 100644 index 000000000..7bcbae945 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_host_put.md @@ -0,0 +1 @@ +Sets the given host policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_rasp_get.md b/openapi-specs/compute/32-05/desc/policies/runtime_rasp_get.md new file mode 100644 index 000000000..5b7a76457 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_rasp_get.md @@ -0,0 +1,9 @@ +Retrieves the list of rules that make up your RASP runtime policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/runtime/rasp +``` diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_rasp_put.md b/openapi-specs/compute/32-05/desc/policies/runtime_rasp_put.md new file mode 100644 index 000000000..bba60ba81 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_rasp_put.md @@ -0,0 +1,35 @@ +Updates all RASP runtime rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all runtime rules using the GET endpoint. + + The following curl command uses basic auth to retrieve the rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET + https://:8083/api/v1/policies/runtime/rasp \ + | jq '.' > rasp_runtime_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `rasp_runtime_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -H "Content-Type:application/json" \ + -X PUT \ + https://:8083/api/v1/policies/runtime/rasp \ + --data-binary "@rasp_runtime_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_serverless_get.md b/openapi-specs/compute/32-05/desc/policies/runtime_serverless_get.md new file mode 100644 index 000000000..44326bbf6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_serverless_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for your serverless functions. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Serverless policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/serverless' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_serverless_post.md b/openapi-specs/compute/32-05/desc/policies/runtime_serverless_post.md new file mode 100644 index 000000000..7367d0018 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_serverless_post.md @@ -0,0 +1,43 @@ +Updates the runtime policy for your serverless functions. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Serverless policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"disable" + }, + "dns":{ + "effect":"disable" + }, + "filesystem":{ + "effect":"disable" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/runtime_serverless_put.md b/openapi-specs/compute/32-05/desc/policies/runtime_serverless_put.md new file mode 100644 index 000000000..7bcbae945 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/runtime_serverless_put.md @@ -0,0 +1 @@ +Sets the given host policy. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/secrets_get.md b/openapi-specs/compute/32-05/desc/policies/secrets_get.md new file mode 100644 index 000000000..89e6b9c0e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/secrets_get.md @@ -0,0 +1,10 @@ +Retrieves a list of all secrets rules. + +The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + +``` +$ curl -k \ + -u \ + -X GET \ + https://:8083/api/v1/policies/secrets +``` diff --git a/openapi-specs/compute/32-05/desc/policies/secrets_put.md b/openapi-specs/compute/32-05/desc/policies/secrets_put.md new file mode 100644 index 000000000..1e8877ca1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/secrets_put.md @@ -0,0 +1,35 @@ +Updates all secrets rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +Each rule specifies how and where specified secrets from a given store are injected into running containers. + +The procedure to add, edit, or remove secrets rules is: + +1. Get all secrets rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/secrets \ + | jq '.' > secrets_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `secrets_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/secrets \ + --data-binary "@secrets_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/32-05/desc/policies/trust_get.md b/openapi-specs/compute/32-05/desc/policies/trust_get.md new file mode 100644 index 000000000..8de1ba409 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/trust_get.md @@ -0,0 +1,9 @@ +Retrieves the list of rules that make up your trusted images policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/trust +``` diff --git a/openapi-specs/compute/32-05/desc/policies/trust_put.md b/openapi-specs/compute/32-05/desc/policies/trust_put.md new file mode 100644 index 000000000..fccd4b91e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/trust_put.md @@ -0,0 +1,18 @@ +Updates the list of rules that make up your trusted images policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "_id":"imageTrust", + "rules":[{"allowedGroups":[],"deniedGroups":[], + "effect":"alert","action":["*"], + "blockMsg":"", + "resources":{"images":["*"],"hosts":["*"],"labels":["*"]}, + "name":"My rule"}] +}' \ + https://:8083/api/v1/policies/trust +``` diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_download.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_download.md new file mode 100644 index 000000000..8de602e73 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_download.md @@ -0,0 +1 @@ +Downloads the base images rules data to CSV. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_get.md new file mode 100644 index 000000000..c5b249f6b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_get.md @@ -0,0 +1 @@ +Returns all the base image scopes and the list of base images digests for each of them. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_id_delete.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_id_delete.md new file mode 100644 index 000000000..53d71c386 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_id_delete.md @@ -0,0 +1,4 @@ +Removes all base images under a given scope. + +For the `id` path parameter to be passed correctly in the URL, it needs to be percent-encoded. Further, the percent ("%") character itself must be percent-encoded as "%25". Therefore, each forward slash ("/") character needs to be encoded as "%252F". + diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_post.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_post.md new file mode 100644 index 000000000..ca0e7cb88 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_base_images_post.md @@ -0,0 +1 @@ +Adds the base images which match the given scope configuration. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_images_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_images_get.md new file mode 100644 index 000000000..abc3da8fa --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_images_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for images scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Images > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/ci/images' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_images_put.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_images_put.md new file mode 100644 index 000000000..f6f505d37 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_images_put.md @@ -0,0 +1,49 @@ +Updates the policy for images scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/images' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "ciImagesVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_serverless_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_serverless_get.md new file mode 100644 index 000000000..958c86495 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_serverless_get.md @@ -0,0 +1,20 @@ +Retrieves the vulnerability policy for serverless functions scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/ci/serverless' +``` + +A successful response contains a list of vulnerability rules in the policy. + diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_serverless_put.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_serverless_put.md new file mode 100644 index 000000000..6e73d50d2 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_ci_serverless_put.md @@ -0,0 +1,48 @@ +Updates the vulnerability policy for serverless functions scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/serverless' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections": [ + { + "name":"", + } + ], + "alertThreshold": { + "value": 1, + "disabled": false + }, + "blockThreshold": { + "value": 0, + "enabled": false + }, + + ... + + } + ], + "policyType": "ciServerlessVulnerability", + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_get.md new file mode 100644 index 000000000..08dfed8e1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for code repositories. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Code repositories** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/policies/vulnerability/coderepos' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_impacted_get.md new file mode 100644 index 000000000..a401a12c4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_impacted_get.md @@ -0,0 +1,19 @@ +Lists the code repositories caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities**. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/coderepos/impacted?project=&ruleName=' +``` + +A successful response contains a list of impacted repositories by a rule within the context of the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_put.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_put.md new file mode 100644 index 000000000..514eec136 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_coderepos_put.md @@ -0,0 +1,47 @@ +Updates the vulnerability policy for your code repositories. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Code repositories** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT 'https:///api/v/policies/vulnerability/coderepos' \ + --data ' +{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":0 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "codeRepoVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_host_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_host_get.md new file mode 100644 index 000000000..3b9b14b9c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_host_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for your hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/host' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_host_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_host_impacted_get.md new file mode 100644 index 000000000..346368518 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_host_impacted_get.md @@ -0,0 +1,20 @@ +Lists the hosts ensnared by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities**. +* Select the **Hosts** tab. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by `RULE_NAME`. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/host/impacted?project={PROJECT_NAME}&ruleName={RULE_NAME}' +``` + +A successful response contains a list of impacted hosts by a rule within the context of the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_host_put.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_host_put.md new file mode 100644 index 000000000..2311cfae4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_host_put.md @@ -0,0 +1,38 @@ +Updates the vulnerability policy for your hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > Running hosts** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/host' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"" + } + ], + "alertThreshold":{ + "disabled":false, + "value":1 + } + } + ], + "policyType":"hostVulnerability", + "_id":"hostVulnerability" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_images_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_images_get.md new file mode 100644 index 000000000..33581be37 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_images_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for deployed container images. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > Deployed** in the Console UI. + + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -X GET \ + "https:///api/v/policies/vulnerability/images?project=" +``` + +A successful response contains a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_images_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_images_impacted_get.md new file mode 100644 index 000000000..ae1d5e396 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_images_impacted_get.md @@ -0,0 +1,20 @@ +Lists the images caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities > Images > Deployed**. +* In the policy table, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of images caught by ``. + +```bash +$ curl -k \ + -u \ + -X GET \ + "https:///api/v/policies/vulnerability/images/impacted?project=&ruleName=" +``` + +A successful response contains a list of entities caught by a rule within the context of the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_images_put.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_images_put.md new file mode 100644 index 000000000..b3330dab7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_images_put.md @@ -0,0 +1,45 @@ +Updates the vulnerability policy for deployed container images. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > Deployed** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k \ + -u \ + -X PUT 'https:///api/v/policies/vulnerability/images' \ + --data '{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "containerVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_serverless_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_serverless_get.md new file mode 100644 index 000000000..c7a8e2ef5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_serverless_get.md @@ -0,0 +1,20 @@ +Retrieves the vulnerability policy for serverless functions situated in your cloud provider's infrastructure. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Functions** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/serverless' +``` + +A successful response contains a list of vulnerability rules in the policy. + diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_serverless_put.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_serverless_put.md new file mode 100644 index 000000000..2b567b5b1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_serverless_put.md @@ -0,0 +1,36 @@ +Updates the vulnerability policy for serverless functions situated in your cloud provider's infrastructure. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k 'https:///api/v/policies/vulnerability/serverless' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections": [ + { + "name":"" + } + ], + "alertThreshold": { + "value": 1, + "disabled": false + } + } + ], + "policyType": "serverlessVulnerability" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_get.md new file mode 100644 index 000000000..117d2cc4a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for VM images scanned in your cloud accounts. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > VM images** in the Console UI. + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/vms?project=' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_impacted_get.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_impacted_get.md new file mode 100644 index 000000000..29d9621ea --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_impacted_get.md @@ -0,0 +1,20 @@ +Lists the VM images caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities > Hosts**. +* Select the **VM images** tab. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/vms?project=&ruleName=' +``` + +A successful response contains a list of impacted repositories by a rule within the context of the policy. diff --git a/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_put.md b/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_put.md new file mode 100644 index 000000000..42df90fca --- /dev/null +++ b/openapi-specs/compute/32-05/desc/policies/vulnerability_vms_put.md @@ -0,0 +1,43 @@ +Updates the policy for VM images scanned in your cloud accounts. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > VM images** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/vulnerability/vms?project=' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + + ... + + } + ], + "policyType": "vmVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/32-05/desc/profiles/app-embedded_download_get.md b/openapi-specs/compute/32-05/desc/profiles/app-embedded_download_get.md new file mode 100644 index 000000000..4b3f7ff8a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/app-embedded_download_get.md @@ -0,0 +1,14 @@ +Downloads the app-embedded observations in a CSV format. + +## cURL Request + +Refer to the following example cURL command that downloads all the app-embedded runtime profiles: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + 'https:///api/v/profiles/app-embedded/download' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/profiles/app-embedded_get.md b/openapi-specs/compute/32-05/desc/profiles/app-embedded_get.md new file mode 100644 index 000000000..f3ddb3125 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/app-embedded_get.md @@ -0,0 +1,13 @@ +Retrieves the app-embedded observations. + +## cURL Request + +Refer to the following example cURL command that lists all the app-embedded runtime: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/profiles/app-embedded' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/profiles/container_download_get.md b/openapi-specs/compute/32-05/desc/profiles/container_download_get.md new file mode 100644 index 000000000..ad7a86101 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/container_download_get.md @@ -0,0 +1,15 @@ +Retrieves the details and state of all runtime models in CSV format. + + +## cURL Request + +Refer to the following example cURL command that downloads a complete list in CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https:///api/v/profiles/container/download +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/container_filters_get.md b/openapi-specs/compute/32-05/desc/profiles/container_filters_get.md new file mode 100644 index 000000000..8b6122b80 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/container_filters_get.md @@ -0,0 +1,13 @@ +Returns a list of os and images from page monitor/runtime/container-models in Console. + + +Example curl command: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + --data-urlencode 'image=istio/examples-bookinfo-reviews-v2:1.8.0' + https://:8083/api/v1/profiles/container/filters +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/container_get.md b/openapi-specs/compute/32-05/desc/profiles/container_get.md new file mode 100644 index 000000000..cdbc24c3e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/container_get.md @@ -0,0 +1,13 @@ +Retrieves the details and state of all runtime models. + +## cURL Request + +Refer to the following example cURL command that lists all runtime models in a system: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/profiles/container +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/container_learn_post.md b/openapi-specs/compute/32-05/desc/profiles/container_learn_post.md new file mode 100644 index 000000000..5fef2e31e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/container_learn_post.md @@ -0,0 +1,15 @@ +Puts all containers into learning mode. + +For more information, refer to [Learning mode](https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#undefined) in Runtime Defense for Containers. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/profiles/container/learn +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/host_download_get.md b/openapi-specs/compute/32-05/desc/profiles/host_download_get.md new file mode 100644 index 000000000..ace270a32 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/host_download_get.md @@ -0,0 +1,14 @@ +Retrieves the details and state of each host service runtime model in CSV format. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https:///api/v/profiles/host/download +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/host_get.md b/openapi-specs/compute/32-05/desc/profiles/host_get.md new file mode 100644 index 000000000..208a24de3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/host_get.md @@ -0,0 +1,23 @@ +Retrieves the details and state of each host service runtime model on a host-by-host basis. +The returned JSON object has the following structure: + +``` +* host1: + * service1: model + * service2: model +* host2: + * service1: model + * service3: model +``` + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/profiles/host +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/host_id_rule_get.md b/openapi-specs/compute/32-05/desc/profiles/host_id_rule_get.md new file mode 100644 index 000000000..672cb4c62 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/host_id_rule_get.md @@ -0,0 +1,18 @@ +Return the runtime rule/policy that is associated with this host. + +To get the `PROFILE_ID` for a profile: + +1. Retrieve a list of profiles using the GET method on the `/api/v1/profiles/host` endpoint. + +2. For the profile of interest, copy the value in `_id`. +This is the `PROFILE_ID`. + +The following example command uses curl and basic auth to specify the learning mode for a profile. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/host/container//rule +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/profiles.md b/openapi-specs/compute/32-05/desc/profiles/profiles.md new file mode 100644 index 000000000..89b8f634c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/profiles.md @@ -0,0 +1,3 @@ +Manage the runtime models (profiles) created for each image in your environment. +For more information about how models are used to secure you running containers, see +[Runtime defense](https://docs.twistlock.com/docs/latest/runtime_defense/runtime_defense.html). diff --git a/openapi-specs/compute/32-05/desc/profiles/service_download_get.md b/openapi-specs/compute/32-05/desc/profiles/service_download_get.md new file mode 100644 index 000000000..63dff3354 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/service_download_get.md @@ -0,0 +1,10 @@ +Retrieves the details and state of all host service runtime models in CSV format + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o profiles-service.csv \ + https://:8083/api/v1/profiles/service/download +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/service_get.md b/openapi-specs/compute/32-05/desc/profiles/service_get.md new file mode 100644 index 000000000..a4f8c348d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/service_get.md @@ -0,0 +1,18 @@ +Retrieves the details and state of all host service runtime models. +The returned JSON object has the following structure: + +``` +* service1: model +* service2: model +* service3: model +``` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/profiles/service +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/service_id_learn_post.md b/openapi-specs/compute/32-05/desc/profiles/service_id_learn_post.md new file mode 100644 index 000000000..fb338b80d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/service_id_learn_post.md @@ -0,0 +1,20 @@ +Specify the learning mode for a host service profile. + +To get the `PROFILE_ID` for a profile: + +1. Retrieve a list of profiles using the GET method on the `/api/v1/profiles/service` endpoint. + +2. For the profile of interest, copy the value in `_id`. +This is the `PROFILE_ID`. +The `PROFILE_ID` is typically the service's name, such as `sshd` or `ntpd`. + +The following example command uses curl and basic auth to specify the learning mode for a host service profile. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"state":"manualLearning"}' \ + https://:8083/api/v1/profiles/container//learn +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/service_learn_post.md b/openapi-specs/compute/32-05/desc/profiles/service_learn_post.md new file mode 100644 index 000000000..02a1f299e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/service_learn_post.md @@ -0,0 +1,11 @@ +Specify the learning mode for all host service profiles. + +The following example command uses curl and basic auth to specify the learning mode for all host service profiles. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/profiles/service/learn +``` diff --git a/openapi-specs/compute/32-05/desc/profiles/service_names_get.md b/openapi-specs/compute/32-05/desc/profiles/service_names_get.md new file mode 100644 index 000000000..7da863545 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/profiles/service_names_get.md @@ -0,0 +1,11 @@ +Retrieves the name of all host service runtime models from within the app at **Monitor > Runtime > Host-models**. + +The following example curl command uses basic auth to retrieve this data: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/profiles/service/names +``` diff --git a/openapi-specs/compute/32-05/desc/projects/get.md b/openapi-specs/compute/32-05/desc/projects/get.md new file mode 100644 index 000000000..05485c24c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/projects/get.md @@ -0,0 +1,11 @@ +Lists all projects visible to the given user. + +Assuming the given user is an admin, the following example curl command would list all projects: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/projects +``` diff --git a/openapi-specs/compute/32-05/desc/projects/name_delete.md b/openapi-specs/compute/32-05/desc/projects/name_delete.md new file mode 100644 index 000000000..fba889f7e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/projects/name_delete.md @@ -0,0 +1,13 @@ +Deletes a project from the system. + +The following example curl command deletes a project named ``. +The value for `` can be retrieved from the `_id` field in the response object from `GET /api/v1/projects`. + +The DELETE method returns the decommissioned supervisor's admin username and password. + +```bash +$ curl -k \ + -u \ + -X DELETE \ + https://:8083/api/v1/projects/ +``` diff --git a/openapi-specs/compute/32-05/desc/projects/name_put.md b/openapi-specs/compute/32-05/desc/projects/name_put.md new file mode 100644 index 000000000..b5a83a67d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/projects/name_put.md @@ -0,0 +1,11 @@ +Updates a project. + +The following example curl command updates a project named ``. +The value for `` can be retrieved from the `_id` field in the response object from `GET /api/v1/projects`. + +```bash +$ curl -k \ + -u \ + -X PUT \ + https://:8083/api/v1/projects/ +``` diff --git a/openapi-specs/compute/32-05/desc/projects/post.md b/openapi-specs/compute/32-05/desc/projects/post.md new file mode 100644 index 000000000..8862c0fd4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/projects/post.md @@ -0,0 +1,35 @@ +Provisions a new project. + +The following example curl command provisions a new project named `my-project`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "_id":"my-project", + "type":"tenant", + "address":"https://:8083" +}' \ + https://:8083/api/v1/projects +``` + +If you have installed a new instance of Console, and you have already created an initial admin user for it, then you can specify the admin username name and password when you provision the project. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "_id":"my-project", + "type":"tenant", + "address":"https://:8083", + "username":"henry", + "password":{"plain":"testing123"} +}' \ + https://:8083/api/v1/projects +``` diff --git a/openapi-specs/compute/32-05/desc/projects/projects.md b/openapi-specs/compute/32-05/desc/projects/projects.md new file mode 100644 index 000000000..7e7dcff66 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/projects/projects.md @@ -0,0 +1,59 @@ +Manage [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html). + +Before you can provision a project using this endpoint, you must designate one instance of Console as master using the `POST /api/v1/settings/projects` endpoint. + +#### Accessing the REST API of a supervisor Console + +[comment]: # (See twistlock/pkg/console/route_handler_middleware.go: function NewRouteOpt, for the list of endpoints that are proxied.) + +After enabling projects and provisioning a new project, access to the supervisor Console is proxied through Central Console. +You cannot access a supervisor's REST API directly. +All API requests to a supervisor must be made through Central Console. + +To retrieve data from a project, add the the following query parameter to your request: + +`project=` + +Where the default value for `project` is `Central+Console`. +If `project` is not specified, it is set to `Central+Console`. + +For example, to retrieve the compliance policies for a tenant project named `mobile_payments_division`, use the following curl command: + +``` +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/compliance?project=mobile_payments_division +``` + +Not all REST endpoints are proxied to the supervisor. +It largely depends on the project type (tenant or supervisor). +In some cases, requests cannot be proxied because management of that system is delegated to Central Console only. +Proxying a request to the right project is mostly a concern for tenant projects, which operate with their own policies and settings. + +The following user management endpoints can be accessed from Central Console only. +An administrator centrally manages all users, and specifies who has access to which projects. +These calls are handled by Central Console only. + +* `/api/v1/users` +* `/api/v1/groups` +* `/api/v1/projects` + +The following endpoints are proxied to the relevant supervisor for tenant projects only. + +* `/api/v1/policies` +* `/api/v1/trust` +* `/api/v1/settings` +* `/api/v1/collections` +* `/api/v1/feeds` + +The following endpoints are proxied to the relevant supervisor for both tenant and scale projects: + +* `/api/v1/settings/alerts` +* `/api/v1/alert-profiles` +* `/api/v1/settings/regisry` +* `/api/v1/settings/certs` +* `/api/v1/settings/secrets` +* `/api/v1/policies/secrets` + diff --git a/openapi-specs/compute/32-05/desc/radar/container_clean_post.md b/openapi-specs/compute/32-05/desc/radar/container_clean_post.md new file mode 100644 index 000000000..662b6d53f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/container_clean_post.md @@ -0,0 +1,9 @@ +Cleans the container runtime profiles and Radar entities. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/container/clean +``` diff --git a/openapi-specs/compute/32-05/desc/radar/container_delete.md b/openapi-specs/compute/32-05/desc/radar/container_delete.md new file mode 100644 index 000000000..4eabe337f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/container_delete.md @@ -0,0 +1,9 @@ +Deletes a learned connection between two containers. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/radar/container?dstProfileID=sha256:&srcProfileID=sha256: +``` diff --git a/openapi-specs/compute/32-05/desc/radar/container_export_get.md b/openapi-specs/compute/32-05/desc/radar/container_export_get.md new file mode 100644 index 000000000..7f577568f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/container_export_get.md @@ -0,0 +1,10 @@ +Returns the current learned connections from CNNF (for containers) in JSON format. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o cnnf_containers_export.json \ + https://:8083/api/v1/radar/container/export +``` diff --git a/openapi-specs/compute/32-05/desc/radar/container_filters_get.md b/openapi-specs/compute/32-05/desc/radar/container_filters_get.md new file mode 100644 index 000000000..f66463da1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/container_filters_get.md @@ -0,0 +1,9 @@ +Returns the namespaces from the container view on the Radar page. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/container/filters +``` diff --git a/openapi-specs/compute/32-05/desc/radar/container_get.md b/openapi-specs/compute/32-05/desc/radar/container_get.md new file mode 100644 index 000000000..280d683d9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/container_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (container view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/container +``` diff --git a/openapi-specs/compute/32-05/desc/radar/host_delete.md b/openapi-specs/compute/32-05/desc/radar/host_delete.md new file mode 100644 index 000000000..738fa7a7c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/host_delete.md @@ -0,0 +1,9 @@ +Deletes a learned connection between two apps in CNNF for hosts. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/radar/host?dstProfileID=&srcProfileID= +``` diff --git a/openapi-specs/compute/32-05/desc/radar/host_export_get.md b/openapi-specs/compute/32-05/desc/radar/host_export_get.md new file mode 100644 index 000000000..dd91b5335 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/host_export_get.md @@ -0,0 +1,10 @@ +Returns the current learned connections from CNNF (for hosts) in JSON format. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https://:8083/api/v1/radar/host/export +``` diff --git a/openapi-specs/compute/32-05/desc/radar/host_get.md b/openapi-specs/compute/32-05/desc/radar/host_get.md new file mode 100644 index 000000000..a12025856 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/host_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (host view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/host +``` diff --git a/openapi-specs/compute/32-05/desc/radar/radar.md b/openapi-specs/compute/32-05/desc/radar/radar.md new file mode 100644 index 000000000..516a55fca --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/radar.md @@ -0,0 +1,2 @@ +Radar is the primary interface for visualizing your environment. +It is designed to let you navigate through all the data Prisma Cloud Compute has collected about your environment. diff --git a/openapi-specs/compute/32-05/desc/radar/serverless_get.md b/openapi-specs/compute/32-05/desc/radar/serverless_get.md new file mode 100644 index 000000000..b2f329149 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/serverless_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (serverless view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/serverless +``` diff --git a/openapi-specs/compute/32-05/desc/radar/serverless_progress_get.md b/openapi-specs/compute/32-05/desc/radar/serverless_progress_get.md new file mode 100644 index 000000000..a11c1ae20 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/serverless_progress_get.md @@ -0,0 +1,25 @@ +Returns the scan progress from Console's Radar page (serverless view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/serverless/progress +``` + +Example of the return data: + +```json +[ + { + "hostname": "", + "id": "", + "type": "serverlessRadar", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "" + } +] +``` diff --git a/openapi-specs/compute/32-05/desc/radar/serverless_scan_post.md b/openapi-specs/compute/32-05/desc/radar/serverless_scan_post.md new file mode 100644 index 000000000..0d519ba88 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/serverless_scan_post.md @@ -0,0 +1,10 @@ +Initiates a serverless scan of your environments. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/serverless/scan +``` + diff --git a/openapi-specs/compute/32-05/desc/radar/serverless_stop_post.md b/openapi-specs/compute/32-05/desc/radar/serverless_stop_post.md new file mode 100644 index 000000000..5c0bdf186 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/radar/serverless_stop_post.md @@ -0,0 +1,9 @@ +Stops an in-progress serverless scan. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/serverless/stop +``` diff --git a/openapi-specs/compute/32-05/desc/rbac/rbac.md b/openapi-specs/compute/32-05/desc/rbac/rbac.md new file mode 100644 index 000000000..576735876 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/rbac/rbac.md @@ -0,0 +1,3 @@ +Administrative endpoint to create and manage roles for RBAC. + +Roles management with these endpoints is supported for Compute Edition (self-hosted) only. diff --git a/openapi-specs/compute/32-05/desc/rbac/role_delete.md b/openapi-specs/compute/32-05/desc/rbac/role_delete.md new file mode 100644 index 000000000..87015b6e8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/rbac/role_delete.md @@ -0,0 +1,12 @@ +This endpoint will delete a specific role by its name from page **Manage > Authentication > Roles** +System roles and roles assigned to users/groups cannot be deleted. + +The following example curl command uses basic auth to delete role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/roles/ +``` diff --git a/openapi-specs/compute/32-05/desc/rbac/roles_get.md b/openapi-specs/compute/32-05/desc/rbac/roles_get.md new file mode 100644 index 000000000..4cd1d9bc7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/rbac/roles_get.md @@ -0,0 +1,11 @@ +This endpoint will return a list in JSON format of the roles can be found under Manage > Authentication > Roles + +The following example curl command uses basic auth to return: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/rbac/roles +``` diff --git a/openapi-specs/compute/32-05/desc/rbac/roles_post.md b/openapi-specs/compute/32-05/desc/rbac/roles_post.md new file mode 100644 index 000000000..1f20772ce --- /dev/null +++ b/openapi-specs/compute/32-05/desc/rbac/roles_post.md @@ -0,0 +1,46 @@ +Adds a new custom role to the system. This endpoint accepts one role at a time. + +Create role.json file (example) +The added role must contain the "user" permission with read-write access. This permission contains basic API routes required for every authenticated user. + +``` +[ + { + "perms": [ + { + "name": "monitorCI", + "readWrite": true + }, + { + "name": "downloads", + "readWrite": false + }, + { + "name": "accessUI", + "readWrite": false + }, + { + "name": "uIEventSubscriber", + "readWrite": false + }, + { + "name": "user", + "readWrite": true + } + ], + "name": "runtime manager", + "description": "runtime manager" + } +] +``` + +The following example curl command uses basic auth to create the role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --binary-data @role.json \ + https://:8083/api/v1/roles +``` diff --git a/openapi-specs/compute/32-05/desc/rbac/roles_put.md b/openapi-specs/compute/32-05/desc/rbac/roles_put.md new file mode 100644 index 000000000..34d7b41a7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/rbac/roles_put.md @@ -0,0 +1,47 @@ +Updates a single role by its name. This endpoint accepts one role at a time, and overrides its entire permissions set. +System role cannot be updated. + +Create role.json file (example) +The updated role must contain the "user" permission with read-write access. This permission contains basic API routes required for every authenticated user. + +``` +[ + { + "perms": [ + { + "name": "monitorCI", + "readWrite": true + }, + { + "name": "downloads", + "readWrite": false + }, + { + "name": "accessUI", + "readWrite": false + }, + { + "name": "uIEventSubscriber", + "readWrite": false + }, + { + "name": "user", + "readWrite": true + } + ], + "name": "runtime manager", + "description": "runtime manager" + } +] +``` + +The following example curl command uses basic auth to update the role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + --binary-data @role.json \ + https://:8083/api/v1/roles +``` diff --git a/openapi-specs/compute/32-05/desc/recovery/backup_get.md b/openapi-specs/compute/32-05/desc/recovery/backup_get.md new file mode 100644 index 000000000..4da46f356 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/recovery/backup_get.md @@ -0,0 +1,11 @@ +Returns a list of available backups. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/recovery/backup +``` diff --git a/openapi-specs/compute/32-05/desc/recovery/backup_id_delete.md b/openapi-specs/compute/32-05/desc/recovery/backup_id_delete.md new file mode 100644 index 000000000..ae9c33e90 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/recovery/backup_id_delete.md @@ -0,0 +1,13 @@ +Deletes a given backup by name. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/recovery/backup/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/32-05/desc/recovery/backup_id_patch.md b/openapi-specs/compute/32-05/desc/recovery/backup_id_patch.md new file mode 100644 index 000000000..4a78cd67d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/recovery/backup_id_patch.md @@ -0,0 +1,14 @@ +Deletes a given backup by name. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PATCH \ + -d '"{new_name}"' + https://:8083/api/v1/recovery/backup/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/32-05/desc/recovery/backup_post.md b/openapi-specs/compute/32-05/desc/recovery/backup_post.md new file mode 100644 index 000000000..f45161712 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/recovery/backup_post.md @@ -0,0 +1,12 @@ +Creates a backup named `backup_name` by invoking the MongoDB dump process. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d "{backup_name}" \ + https://:8083/api/v1/recovery/backup +``` diff --git a/openapi-specs/compute/32-05/desc/recovery/recovery.md b/openapi-specs/compute/32-05/desc/recovery/recovery.md new file mode 100644 index 000000000..69c3a521c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/recovery/recovery.md @@ -0,0 +1,4 @@ +Back up and restore Prisma Cloud Compute data. +Prisma Cloud Compute automatically backs up all data and configuration files periodically. +You can view all backups, make new backups, and restore specific backups from the Console UI or API. +You can also restore specific backups using the twistcli command line utility. diff --git a/openapi-specs/compute/32-05/desc/recovery/restore_id_post.md b/openapi-specs/compute/32-05/desc/recovery/restore_id_post.md new file mode 100644 index 000000000..850fceeaa --- /dev/null +++ b/openapi-specs/compute/32-05/desc/recovery/restore_id_post.md @@ -0,0 +1,13 @@ +Restores Prisma Cloud Compute from the given backup. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/recovery/restore/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/32-05/desc/registry/download_get.md b/openapi-specs/compute/32-05/desc/registry/download_get.md new file mode 100644 index 000000000..5a3eb0141 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/download_get.md @@ -0,0 +1,18 @@ +Downloads registry image scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Compliance > Images > Registries** in the Console UI. + +### cURL Request + +Refer to the following cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/download" \ + > registry_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/registry/get.md b/openapi-specs/compute/32-05/desc/registry/get.md new file mode 100644 index 000000000..96b46382e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/get.md @@ -0,0 +1,63 @@ +Retrieves registry image scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to **Monitor > Compliance > Images > Registries** in the Console UI. + +> _**Note:**_ In the Console UI, the images can be found in **Monitor > Vulnerabilities > Images > Registries**. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + +### cURL Request + +Refer to the following cURL command that retrieves a scan report for all images in the registry: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry" +``` + +The compact query can be used to get a general overview of the number of Vulnerabilities and Compliance issue counts rather than listing all the CVEs and compliance violations. + +Refer to the following cURL command that retrieves a compact scan report for the Ubuntu image in the registry: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?name=https:///ubuntu:latest&compact=true" +``` +The name query is synonymous with the filter registry text field in the Console UI. + +Refer to the following cURL that retrieves the scan report for the image in the registry with the matching **sha256** hash: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?imageID=sha256:d461f1845c43105d7d686a9cfca9d73b0272b1dcd0381bf105276c978cb02832" +``` + +Refer to the following cURL command that retrieves the images in the first 10 registries: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?limit=10&offset=0&reverse=false" +``` + +A successful response returns the registry scan reports in alphabetical order. diff --git a/openapi-specs/compute/32-05/desc/registry/get_registry_progress.md b/openapi-specs/compute/32-05/desc/registry/get_registry_progress.md new file mode 100644 index 000000000..03c5d0896 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/get_registry_progress.md @@ -0,0 +1,106 @@ +Shows the progress of an ongoing regular or on-demand registry scan. +By default, the API endpoint displays the progress of a regular scan. + +## View regular registry scan progress +For a regular scan, use the API path only without any query parameters. + +### cURL Request + +Refer to the following example cURL request that retrieves the ongoing scan details for a regular registry scan: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/progress" +``` +### cURL Response + +Refer to the following example cURL response: + +```bash +[ + { + "discovery": { + "hostname": "", + "id": "", + "scanTime": "0001-01-01T00:00:00Z", + "type": "", + "discovery": false, + "total": 4, + "scanned": 2, + "title": "Step 1/2 discovering tags in registry us-west2-docker.pkg.dev: Discovered tags in 2/4 repositories with 1 Defenders" + }, + "imageScan": { + "hostname": "", + "id": "", + "scanTime": "0001-01-01T00:00:00Z", + "type": "", + "discovery": false, + "total": 2, + "scanned": 0, + "title": "Step 2/2 scanning images in registry us-west2-docker.pkg.dev: Scanned 0/2 images with 1 Defender" + }, + "isScanOngoing": true + } +] +``` + +## View on-demand registry scan progress + +For an on-demand scan that is started using the `/registry/scan` endpoint with the following fields: + +- onDemand: (Mandatory) Set the parameter to `true`. +- repo: (Mandatory) Specify the repository name. +- tag: Specify the image tag (alias of image ID). +- digest: Specify the image digest identifier. + +> **Note:** You must specify either `tag` or `digest` along with the mandatory parameters `onDemand` and `repo` to view the progress. + +### cURL Request + +Refer to the following example cURL request that retrieves the ongoing scan details for an on-demand registry scan that is started using the `/registry/scan` endpoint for the repository `alpine` with tag `3.16`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/progress?onDemand=true&repo=library/alpine&tag=3.16" +``` +### cURL Response + +Refer to the following example cURL response: + +```bash +[ + { + "discovery": { + "hostname": "", + "id": "", + "scanTime": "0001-01-01T00:00:00Z", + "type": "", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "Step 1/2 discovering tags in repository: library/alpine, tag: 3.16" + }, + "imageScan": { + "hostname": "", + "id": "", + "scanTime": "0001-01-01T00:00:00Z", + "type": "", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "Step 2/2 scanning images in repository: library/alpine, tag: 3.16" + }, + "isScanOngoing": false + } +] +``` + +> **Important:** +- If you use on-demand scan related parameters such as `registry`, `repo`, or `tag` but set the query parameter `onDemand` to `false`, you'll get a bad request error (400). +- If an on-demand scan was completed and you get the progress response for that scan (i.e. "isScanOngoing": false), the next progress response for that image will be an empty list: `[]`, until you initiate another on-demand scan for that image. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/registry/names_get.md b/openapi-specs/compute/32-05/desc/registry/names_get.md new file mode 100644 index 000000000..1e5bed727 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/names_get.md @@ -0,0 +1,13 @@ +Retrieves a list of image names from current scanned registry images. The base `/api/v1/registry` endpoint takes repositories listed in this response as the `names` query. + +## cURL Request + +Refer to the following example cURL command that retrieves a list of image names from your scanned registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/registry/names +``` diff --git a/openapi-specs/compute/32-05/desc/registry/registry.md b/openapi-specs/compute/32-05/desc/registry/registry.md new file mode 100644 index 000000000..41184e2ef --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/registry.md @@ -0,0 +1 @@ +Scan reports for images in your registry. diff --git a/openapi-specs/compute/32-05/desc/registry/scan_post.md b/openapi-specs/compute/32-05/desc/registry/scan_post.md new file mode 100644 index 000000000..ce7e19533 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/scan_post.md @@ -0,0 +1,61 @@ +Triggers a new scan for all images when a new image is added to the registry or a new scan for an individual image. + +You can use the scanning feature in the following ways: + +## Regular scan +This feature allows you to trigger a new scan immediately for all the images when a new image is added to the registry or trigger a scan for an individual image. + +Consider the following points for a regular scan: + +* You cannot make multiple parallel scan requests with a regular scan. +* You either need to stop the on-going scan using the `api/vVERSION/registry/stop` or wait for the on-going scan to finish. +For information on stopping a regular scan, see [Stop Registry Scan](https://prisma.pan.dev/api/cloud/cwpp/registry#operation/post-registry-stop) +* You can view the scan result or response for all the images by using the `api/vVERSION/registry` API endpoint. +For information on scan result, see [Get Registry Scan Report](https://prisma.pan.dev/api/cloud/cwpp/registry#operation/get-registry) + +### cURL Request +Refer to the following example cURL command that forces Prisma Cloud Compute to rescan all registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/registry/scan +``` + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan a specific image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"tag":{"registry":"","repo":"","tag":"","digest":""}}'\ + https:///api/v/registry/scan +``` + +## On-demand scan +This feature allows you to trigger a new scan immediately for an individual image and not wait for the next periodic scan. + +**Note**: For an on-demand scan, you must pre-define the image registry scope in the registry scanning configuration. + +Consider the following points for an on-demand scan: + +* You can trigger multiple on-demand image scans without interrupting the main registry scanning process. +* You cannot stop a running on-demand scan, you can only initiate a new parallel scan. +* You can view the on-demand scan result or response by using query parameter `name` that specifies the full image name in the `api/vVERSION/registry` API endpoint. +For information on scan result, see [Get Registry Scan Report](https://pan.dev/prisma-cloud/api/cwpp/get-registry/) + + +### cURL Request +Refer to the following example cURL command to trigger an on-demand scan for an image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{“onDemandScan”:true,“tag”:{“registry” :“”,“repo”:“”,“digest”:“”}}' \ + "https:///api/v/registry/scan" +``` diff --git a/openapi-specs/compute/32-05/desc/registry/scan_select_post.md b/openapi-specs/compute/32-05/desc/registry/scan_select_post.md new file mode 100644 index 000000000..c88b28df6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/scan_select_post.md @@ -0,0 +1 @@ +Sends a registry scan request to all registry scanner defenders \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/registry/stop_id_post.md b/openapi-specs/compute/32-05/desc/registry/stop_id_post.md new file mode 100644 index 000000000..72d4cf6e9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/stop_id_post.md @@ -0,0 +1 @@ +Stops the specific spec's scan or removes it from the queue \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/registry/stop_post.md b/openapi-specs/compute/32-05/desc/registry/stop_post.md new file mode 100644 index 000000000..29e103ac1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/stop_post.md @@ -0,0 +1,13 @@ +Stops current registry scan immediately. + +## cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to stop scanning all registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/registry/stop +``` diff --git a/openapi-specs/compute/32-05/desc/registry/webhook_webhook_delete.md b/openapi-specs/compute/32-05/desc/registry/webhook_webhook_delete.md new file mode 100644 index 000000000..438e124ed --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/webhook_webhook_delete.md @@ -0,0 +1,3 @@ +Listens for registry updates. + +Although this endpoint is supported, no backwards compatibility is offered for it. diff --git a/openapi-specs/compute/32-05/desc/registry/webhook_webhook_post.md b/openapi-specs/compute/32-05/desc/registry/webhook_webhook_post.md new file mode 100644 index 000000000..438e124ed --- /dev/null +++ b/openapi-specs/compute/32-05/desc/registry/webhook_webhook_post.md @@ -0,0 +1,3 @@ +Listens for registry updates. + +Although this endpoint is supported, no backwards compatibility is offered for it. diff --git a/openapi-specs/compute/32-05/desc/sandbox/post.md b/openapi-specs/compute/32-05/desc/sandbox/post.md new file mode 100644 index 000000000..2edd7eef3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/sandbox/post.md @@ -0,0 +1 @@ +Adds a sandbox scan result, the scan is augmented with geolocation data and returned to the client \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/sandbox/sandbox.md b/openapi-specs/compute/32-05/desc/sandbox/sandbox.md new file mode 100644 index 000000000..e69de29bb diff --git a/openapi-specs/compute/32-05/desc/scans/download_get.md b/openapi-specs/compute/32-05/desc/scans/download_get.md new file mode 100644 index 000000000..61a0ccc2d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scans/download_get.md @@ -0,0 +1,18 @@ +Downloads all scan reports from the Jenkins plugin and twistcli in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Images > CI** in the Console UI. + +### cURL Request + +The following cURL command retrieves and saves your Jenkins and twistcli scan reports to a CSV file called `scans_report.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/scans/download \ + > scans_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/scans/filter_get.md b/openapi-specs/compute/32-05/desc/scans/filter_get.md new file mode 100644 index 000000000..58550ad35 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scans/filter_get.md @@ -0,0 +1,11 @@ +Retrieves the list of Jenkins projects that have been scanned by the Jenkins plugin. Each project in the `jobName` array can be used to query the base `api/v1/scans` endpoint to retrieve only scan reports in that Jenkins project. + +The following example curl command uses basic auth to retrieve the list of Jenkins project names: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/scans/filters +``` diff --git a/openapi-specs/compute/32-05/desc/scans/get.md b/openapi-specs/compute/32-05/desc/scans/get.md new file mode 100644 index 000000000..9bc06317f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scans/get.md @@ -0,0 +1,32 @@ +Retrieves all scan reports for images scanned by the Jenkins plugin or twistcli. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to **Monitor > Vulnerabilities > Images > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves the scan reports for all images scanned using the Jenkins CI plugin or the twistcli tool: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/scans +``` + +To get the report of a specific scan, add query parameters to narrow the scope of the request. + +The following cURL command retrieves the scan report for an image with a SHA256 ID of `sha256:f756e84300d8e53006090573dd33abe5b8cfac3e42d104fc4be37f435fe512f3`. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/scans?imageID=sha256:f756e84300d8e53006090573dd33abe5b8cfac3e42d104fc4be37f435fe512f3' +``` + +A successful response returns the scan reports. diff --git a/openapi-specs/compute/32-05/desc/scans/id_get.md b/openapi-specs/compute/32-05/desc/scans/id_get.md new file mode 100644 index 000000000..7a342ef60 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scans/id_get.md @@ -0,0 +1,11 @@ +Retrieves all scan reports for images scanned by the Jenkins plugin or twistcli tool for a specific image with an given `id`. The `id` is `_id` value returned in the base `/api/v1/scans` request. + +The following example curl command uses basic auth to retrieve the scan report for just an image with a SHA256 ID of `5c3385fd2e76c5c16124c077`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/scans/5c3385fd2e76c5c16124c077" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/scans/post.md b/openapi-specs/compute/32-05/desc/scans/post.md new file mode 100644 index 000000000..12fbe6a93 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scans/post.md @@ -0,0 +1 @@ +Adds a CLI scan result \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/scans/scans.md b/openapi-specs/compute/32-05/desc/scans/scans.md new file mode 100644 index 000000000..ff3285bba --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scans/scans.md @@ -0,0 +1 @@ +Retrieve Jenkins and twistcli scan reports. diff --git a/openapi-specs/compute/32-05/desc/scans/sonatype_post.md b/openapi-specs/compute/32-05/desc/scans/sonatype_post.md new file mode 100644 index 000000000..e69de29bb diff --git a/openapi-specs/compute/32-05/desc/scans/vms_post.md b/openapi-specs/compute/32-05/desc/scans/vms_post.md new file mode 100644 index 000000000..291393b44 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scans/vms_post.md @@ -0,0 +1 @@ +Saves a single VM image scan result. diff --git a/openapi-specs/compute/32-05/desc/scripts/console_sh_get.md b/openapi-specs/compute/32-05/desc/scripts/console_sh_get.md new file mode 100644 index 000000000..d8f02038f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scripts/console_sh_get.md @@ -0,0 +1,20 @@ +Download the Console set up script for Linux hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o console.sh \ + https://:8083/api/v1/scripts/console.sh +``` + +The script must be made executable before it can run: + +```bash +$ chmod +x console.sh +``` diff --git a/openapi-specs/compute/32-05/desc/scripts/defender_ps1_get.md b/openapi-specs/compute/32-05/desc/scripts/defender_ps1_get.md new file mode 100644 index 000000000..a47616983 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scripts/defender_ps1_get.md @@ -0,0 +1,17 @@ +Download the Defender set up script for Windows hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender.ps1 \ + https://:8083/api/v1/scripts/defender.ps1 +``` + +NOTE: The downloaded script takes a number of parameters to control how Defender is installed. +To see the default parameters, open Console, go to **Manage > Defenders > Deploy**, and examine how the script is configured based on the options you select. diff --git a/openapi-specs/compute/32-05/desc/scripts/defender_sh_get.md b/openapi-specs/compute/32-05/desc/scripts/defender_sh_get.md new file mode 100644 index 000000000..98ad6cf62 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scripts/defender_sh_get.md @@ -0,0 +1,23 @@ +Download the Defender set up script for Linux hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender.sh \ + https://:8083/api/v1/scripts/defender.sh +``` + +The script must be made executable before it can run: + +```bash +$ chmod +x defender.sh +``` + +NOTE: The downloaded script takes a number of parameters to control how Defender is installed. +To see the default parameters, open Console, go to **Manage > Defenders > Deploy**, and examine how the script is configured based on the options you select. diff --git a/openapi-specs/compute/32-05/desc/scripts/scripts.md b/openapi-specs/compute/32-05/desc/scripts/scripts.md new file mode 100644 index 000000000..95aca2460 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/scripts/scripts.md @@ -0,0 +1 @@ +Download the scripts used in the Prisma Cloud Compute environment. diff --git a/openapi-specs/compute/32-05/desc/serverless/download_get.md b/openapi-specs/compute/32-05/desc/serverless/download_get.md new file mode 100644 index 000000000..a8e49ff25 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/download_get.md @@ -0,0 +1,17 @@ +Downloads all serverless scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Functions > Scanned functions** in the Console UI. + +### cURL Request + +The following cURL command retrieves a list of all serverless resources monitored by Prisma Cloud Compute and saves the results in a CSV file called `serverless.csv`: + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/serverless/download' \ + > serverless.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/serverless/embed_post.md b/openapi-specs/compute/32-05/desc/serverless/embed_post.md new file mode 100644 index 000000000..6cce784b8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/embed_post.md @@ -0,0 +1,11 @@ +The following curl command uses basic auth to retrieve a list of all Serverless resources that monitored by Prisma Cloud Compute, and save the results to a CSV file: + +```bash +$ curl -k \ + -X POST \ + -H "Content-Type: application/octet-stream" \ + -u \ + --data-binary @ \ + 'http://:8083/api/v1/serverless/embed?runtime=&handler=&function=' \ + -o twistlock_lambda.zip +``` diff --git a/openapi-specs/compute/32-05/desc/serverless/evaluate_post.md b/openapi-specs/compute/32-05/desc/serverless/evaluate_post.md new file mode 100644 index 000000000..f24bf10f4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/evaluate_post.md @@ -0,0 +1 @@ +Adds vulnerability data for the given functions. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/serverless/get.md b/openapi-specs/compute/32-05/desc/serverless/get.md new file mode 100644 index 000000000..77a0d8a4e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/get.md @@ -0,0 +1,20 @@ +Retrieves all scan reports for the serverless functions which Prisma Cloud has been configured to scan. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to **Monitor > Vulnerabilities > Functions > Scanned functions** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves the scan reports for serverless functions: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/serverless +``` + +A successful response returns the scan reports. diff --git a/openapi-specs/compute/32-05/desc/serverless/names_get.md b/openapi-specs/compute/32-05/desc/serverless/names_get.md new file mode 100644 index 000000000..62cbcd53b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/names_get.md @@ -0,0 +1,9 @@ +The following curl command uses basic auth to retrieve a list of names of all Serverless resources monitored by Prisma Cloud Compute: + +```bash +$ curl -k \ + -X GET \ + -H "Content-Type: application/json" \ + -u \ + http:///api/v/serverless/names \ +``` diff --git a/openapi-specs/compute/32-05/desc/serverless/scan_post.md b/openapi-specs/compute/32-05/desc/serverless/scan_post.md new file mode 100644 index 000000000..159285349 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all serverless functions immediately. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan all serverless functions: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/serverless/scan +``` diff --git a/openapi-specs/compute/32-05/desc/serverless/serverless.md b/openapi-specs/compute/32-05/desc/serverless/serverless.md new file mode 100644 index 000000000..5c6846b6c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/serverless.md @@ -0,0 +1 @@ +Scan reports for your serverless functions. diff --git a/openapi-specs/compute/32-05/desc/serverless/stop_post.md b/openapi-specs/compute/32-05/desc/serverless/stop_post.md new file mode 100644 index 000000000..763710842 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/serverless/stop_post.md @@ -0,0 +1,12 @@ +Stops the ongoing serverless scan. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/serverless/stop +``` diff --git a/openapi-specs/compute/32-05/desc/settings/alerts_get.md b/openapi-specs/compute/32-05/desc/settings/alerts_get.md new file mode 100644 index 000000000..060114c39 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/alerts_get.md @@ -0,0 +1,9 @@ +Retrieves a list of your alert settings. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/alerts +``` diff --git a/openapi-specs/compute/32-05/desc/settings/alerts_options_get.md b/openapi-specs/compute/32-05/desc/settings/alerts_options_get.md new file mode 100644 index 000000000..095c1f1b7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/alerts_options_get.md @@ -0,0 +1,11 @@ +This endpoint will return the alert profile configuration options that can be found in the console under the alert type selection when setting up a new alert profile. + +The following example curl command uses basic auth to retrieve all alert profile configuration options: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/alerts/options +``` diff --git a/openapi-specs/compute/32-05/desc/settings/alerts_post.md b/openapi-specs/compute/32-05/desc/settings/alerts_post.md new file mode 100644 index 000000000..3acb8d543 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/alerts_post.md @@ -0,0 +1,17 @@ +Configure alerts. + +The following example curl command sets the aggregation period for alerts to one hour. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "aggregationPeriodMs": 3600000, + "consoleAddress": "https://:8083", + "securityAdvisorWebhook": "" +}' \ + https://:8083/api/v1/settings/alerts +``` diff --git a/openapi-specs/compute/32-05/desc/settings/certificates_post.md b/openapi-specs/compute/32-05/desc/settings/certificates_post.md new file mode 100644 index 000000000..fbdc8a5a9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/certificates_post.md @@ -0,0 +1,19 @@ +Sets a certificate authority (CA) to trust and the validity period for client certificates. + +Use client certificates to authenticate commands sent from the Docker client through Prisma Cloud Compute. + +For more information, see [Certificates](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/certificates). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set the validity period for client certificates to seven days: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"certificatePeriodDays": 7} ' \ + "https:///api/v/settings/certificates" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/certs_get.md b/openapi-specs/compute/32-05/desc/settings/certs_get.md new file mode 100644 index 000000000..ba6674a3c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/certs_get.md @@ -0,0 +1,14 @@ +Returns the Subject Alternative Name(s) (SANs) in Console's certificate. +Defenders use these names to connect to Console. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve the SANs in Console's cert: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/certs" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/certs_post.md b/openapi-specs/compute/32-05/desc/settings/certs_post.md new file mode 100644 index 000000000..a6e429006 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/certs_post.md @@ -0,0 +1,31 @@ +Adds or deletes Subject Alternative Name(s) (SANs) in Prisma Cloud Compute's certificate. +Defenders use these names to connect to Prisma Cloud Compute. + +SANs are set in a single shot. +You should first retrieve the list of SANs with the GET method. +Then add or remove entries from the `consoleSAN` array, and post the updated JSON object. + +For more information, see [Certificates](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/certificates). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to add `node-01.example.com` to the `subjectAltName` field in the certificate: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d ' + { + "consoleSAN": [ + "10.240.0.34", + "172.17.0.1", + "ian-23.c.cto-sandbox.internal", + "127.0.0.1", + "node-01.example.com" + ] + }' \ + "https:///api/v/settings/certs" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/coderepos_get.md b/openapi-specs/compute/32-05/desc/settings/coderepos_get.md new file mode 100644 index 000000000..6cbfb78cb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/coderepos_get.md @@ -0,0 +1,28 @@ +Retrieves the list of code repositories Prisma Cloud is configured to scan. +It also retrieves a partial webhook URL. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to **Defend > Vulnerabilities > Code repositories** in the Console UI page. + +* **GitHub repositories scan scope** table data +* URL suffix in **Webhook settings** + +### Webhook + +You can optionally configure your code repositories with a webhook to trigger Prisma Cloud to scan repositories when there are pertinent events (e.g., new code commits). + +Construct the full webhook using Console's publicly accessible DNS name or IP address, plus the webhook URL suffix. + +### cURL Request + +Refer to the following example cURL command that retrieves all code repositories to scan, as well as the webhook URL suffix: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/coderepos' +``` diff --git a/openapi-specs/compute/32-05/desc/settings/coderepos_put.md b/openapi-specs/compute/32-05/desc/settings/coderepos_put.md new file mode 100644 index 000000000..28a679762 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/coderepos_put.md @@ -0,0 +1,68 @@ +Updates the code repositories to scan. +The list of code repositories to scan is updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Code repositories**. +2. Under the **GitHub repositories scan scope** table, add a scope item using **+ Add scope** + + **Note:** If your table is not present add an item to the table by clicking **Add the first item**. + +3. Click the **Save** button. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up Prisma Cloud to scan your code repositories:** + +1. Add a scan scope with this endpoint (`/settings/coderepos`), where the principle component is the account information for the service that hosts your code repositories. + + For example, specify the the credentials of your GitHub account. + You can further refine the scope by specifying which repos to scan using explicit strings or pattern matching. + Scan all repos by specifying a wildcard. + +2. Prisma Cloud auto-discovers all code repositories in each scan scope. + + The system invokes the GET `/coderepos/discover` endpoint to discover the available repositories using the credential ID provided. + +3. The list of auto-discovered code repositories is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/coderepos` endpoint to assess each code repository. + +### cURL Request + +Each scan scope is specified as an element in the endpoint's payload array. +Itemize the repositories to scan in the `repositories` array. +A wildcard tells Prisma Cloud to scan all repos in the account. + +The critical fields for this endpoint are: + +* `type` - Hosting service, such as GitHub (`github`) +* `credentialID` - Credential, from the credentials store, that Prisma Cloud uses to authenticate with the hosting service. +* `repositories` - List of repository names. +The format is `/`. + +Refer to the following example cURL command that overwrites all code repository scan scopes with a single new scan scope: + +```bash +$ curl 'https:///api/v/settings/coderepos' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'[ + { + "type":"github", + "publicOnly":false, + "credentialID":"", + "repositories":[ + "*" + ] + } +]' +``` +This scan scope includes all repositories in the GitHub account that can be accessed with `CREDENTIAL_ID`. + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/settings/console-certificates_post.md b/openapi-specs/compute/32-05/desc/settings/console-certificates_post.md new file mode 100644 index 000000000..5673af840 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/console-certificates_post.md @@ -0,0 +1,18 @@ +Configures the custom certificate for securing browser access to the Console. + +These settings can be seen in the console under **Manage > Authentication > System Certificates**. + +For the custom TLS certificate for securing browser access, this file must be in the concatenated public cert and private key in PEM format. For more information about this configuration, see [Custom certs for Console access](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/configure/custom_certs_predefined_dir) + +## cURL Request + +Refer to the following example cURL request that uses basic auth and configures the custom certificate to use for securing browser access to the console: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"consoleCustomCert":"....."}' \ + "https:///api/v/settings/console-certificate" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/custom-labels_get.md b/openapi-specs/compute/32-05/desc/settings/custom-labels_get.md new file mode 100644 index 000000000..a849dd8a8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/custom-labels_get.md @@ -0,0 +1,13 @@ +Returns the list of alert labels configured in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/settings/custom-labels +``` diff --git a/openapi-specs/compute/32-05/desc/settings/custom-labels_post.md b/openapi-specs/compute/32-05/desc/settings/custom-labels_post.md new file mode 100644 index 000000000..6bb66e706 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/custom-labels_post.md @@ -0,0 +1,14 @@ +Creates a custom alert label to augment audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d "{labels:"new_label"}" \ + "https:///api/v/settings/custom-labels" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/defender_get.md b/openapi-specs/compute/32-05/desc/settings/defender_get.md new file mode 100644 index 000000000..ecb8b6989 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/defender_get.md @@ -0,0 +1,15 @@ +Returns the advanced settings for Defenders. + +### cURL Request + +Refer to the following example cURL command that gets all advanced settings for Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/defender' +``` + +A successful response returns all advanced settings for Defenders. diff --git a/openapi-specs/compute/32-05/desc/settings/forensic_get.md b/openapi-specs/compute/32-05/desc/settings/forensic_get.md new file mode 100644 index 000000000..9c16b70b9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/forensic_get.md @@ -0,0 +1,9 @@ +Retrieves the settings for the forensics system. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/forensic +``` diff --git a/openapi-specs/compute/32-05/desc/settings/forensic_post.md b/openapi-specs/compute/32-05/desc/settings/forensic_post.md new file mode 100644 index 000000000..31f809d39 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/forensic_post.md @@ -0,0 +1,17 @@ +Configures the forensics system. + +The following example curl command allocates 100 MB of local disk space for container forensic data and 10 MB for host forensics data. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "enabled": true, + "containerDiskUsageMb": 100, + "hostDiskUsageMb": 10 +}' \ + https://:8083/api/v1/settings/forensic +``` diff --git a/openapi-specs/compute/32-05/desc/settings/initialized_get.md b/openapi-specs/compute/32-05/desc/settings/initialized_get.md new file mode 100644 index 000000000..3134912d1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/initialized_get.md @@ -0,0 +1,12 @@ +Checks whether Console has been configured with an initial admin account. +After first installing Console, the first thing you must do is create an admin account. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/initialized +``` diff --git a/openapi-specs/compute/32-05/desc/settings/intelligence-windows_post.md b/openapi-specs/compute/32-05/desc/settings/intelligence-windows_post.md new file mode 100644 index 000000000..c39e256d2 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/intelligence-windows_post.md @@ -0,0 +1,12 @@ +This endpoint will enable or disable the Windows Intelligence Service from **Manage > System > Intelligence** page in the console. + +The following example curl command uses basic auth to enable online updates of Windows vulnerabilities from the intelligence stream: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"windowsFeedEnabled":true}' \ + https://:8083/api/v1/settings/intelligence-windows +``` diff --git a/openapi-specs/compute/32-05/desc/settings/intelligence_get.md b/openapi-specs/compute/32-05/desc/settings/intelligence_get.md new file mode 100644 index 000000000..26c694246 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/intelligence_get.md @@ -0,0 +1,13 @@ +Returns the details about the Intelligence Stream configuration. + +### cURL Request + +Refer to the following example cURL command that uses basic auth to retrieve your Intelligence Stream configuration settings. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/intelligence" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/intelligence_post.md b/openapi-specs/compute/32-05/desc/settings/intelligence_post.md new file mode 100644 index 000000000..74b06a3a0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/intelligence_post.md @@ -0,0 +1,21 @@ +Configures the Intelligence Stream. + +For more information, see [Intelligence Stream](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/intel_stream) + +### cURL Request + +Refer to the following example cURL command that uses basic auth to configure settings of your Intelligence Stream. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' { + "windowsFeedEnabled": true, + "enabled": true, + "address": "https://intelligence.example.com", + "token": "", +}' \ + "https:///api/v/settings/intelligence" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/latest-version_get.md b/openapi-specs/compute/32-05/desc/settings/latest-version_get.md new file mode 100644 index 000000000..c443fa7b5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/latest-version_get.md @@ -0,0 +1,11 @@ +Retrieves the version number of the latest available Prisma Cloud Compute release. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https://:8083/api/v1/settings/latest-version' +``` diff --git a/openapi-specs/compute/32-05/desc/settings/latest_version_get.md b/openapi-specs/compute/32-05/desc/settings/latest_version_get.md new file mode 100644 index 000000000..18e436668 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/latest_version_get.md @@ -0,0 +1,9 @@ +This endpoint will return the latest version of the product. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/latest-version +``` diff --git a/openapi-specs/compute/32-05/desc/settings/ldap_get.md b/openapi-specs/compute/32-05/desc/settings/ldap_get.md new file mode 100644 index 000000000..4ad0ad0c9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/ldap_get.md @@ -0,0 +1,34 @@ +Returns the LDAP integration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/ldap" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +$ { + "enabled": true, + "url": "ldap://10.176.135.212:379", + "caCert": "", + "searchBase": "", + "groupSearchBase": "ou=Groups,dc=example,dc=org", + "userSearchBase": "ou=Users,dc=example,dc=org", + "accountUpn": "cn=admin,dc=example,dc=org", + "accountPassword": { + "encrypted": "nkMtVY4NN9RccvbVIfLvJw==" + }, + "type": "openldap", + "userSearchIdentifier": "cn" +} +``` diff --git a/openapi-specs/compute/32-05/desc/settings/ldap_post.md b/openapi-specs/compute/32-05/desc/settings/ldap_post.md new file mode 100644 index 000000000..c152c7dc5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/ldap_post.md @@ -0,0 +1,27 @@ +Configures the LDAP integration. + +For more information, see [Active Directory](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/active_directory) and [OpenLDAP](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/openldap) + +## cURL Request + +Refer to the following example cURL command that enables the LDAP integration and specifies the parameters required to integrate with an Active Directory service. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "enabled": true, + "url": "ldap://ldapserver.example.com:3268", + "searchBase": "dc=example,dc=com", + "accountUpn": "example_service@example.com", + "accountPassword": { + "plain": "pass!-W0RD" + }, + "type": "activedirectory", + "userSearchIdentifier": "userprincipalname" +}' \ + "https:///api/v/settings/ldap" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/license_get.md b/openapi-specs/compute/32-05/desc/settings/license_get.md new file mode 100644 index 000000000..5c792cae8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/license_get.md @@ -0,0 +1,13 @@ +Returns the details about the installed license. + +## cURL Request + +Refer to the following example cURL request that retrieves the license details. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/license" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/license_post.md b/openapi-specs/compute/32-05/desc/settings/license_post.md new file mode 100644 index 000000000..b77800a5f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/license_post.md @@ -0,0 +1,17 @@ +Configures the Prisma Cloud Compute license. +Use this endpoint, along with `/api/v1/signup`, as part of the initial set up flow after Prisma Cloud Compute is first installed. + +For more information, see [Licensing](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/licensing). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set your license: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"key": ""}' \ + https:///api/v/settings/license +``` diff --git a/openapi-specs/compute/32-05/desc/settings/logging_get.md b/openapi-specs/compute/32-05/desc/settings/logging_get.md new file mode 100644 index 000000000..6eda3e484 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/logging_get.md @@ -0,0 +1,13 @@ +Returns the logging settings. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve your logging details. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/logging" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/logging_post.md b/openapi-specs/compute/32-05/desc/settings/logging_post.md new file mode 100644 index 000000000..3619d9c0f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/logging_post.md @@ -0,0 +1,30 @@ +Configures the logging settings. +This includes Syslog, Stdout, and Prometheus instrumentation. + +For more information, see [Logging](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/audit/logging). + +## cURL Request + +Refer to the following example cURL request that enables verbose scan output for syslog and stdout: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "syslog": { + "enabled": true, + "verboseScan": true, + "allProcEvents": false, + "addr": "" + }, + "stdout": { + "enabled": true, + "verboseScan": true, + "allProcEvents": false, + } +}' \ + "https:///api/v/settings/logging" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/logon_get.md b/openapi-specs/compute/32-05/desc/settings/logon_get.md new file mode 100644 index 000000000..1559f2405 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/logon_get.md @@ -0,0 +1,13 @@ +Configures the logon settings. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve all current logon settings. + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/logon" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/logon_post.md b/openapi-specs/compute/32-05/desc/settings/logon_post.md new file mode 100644 index 000000000..5c2b60c9f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/logon_post.md @@ -0,0 +1,17 @@ +Configures the timeout for Prisma Cloud Compute sessions. + +For more information, see [Logon Settings](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/configure/logon_settings). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set the timeout to 900 seconds (15 minutes): + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"sessionTimeoutSec": 900}' \ + "https:///api/v/settings/logon" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/oauth_get.md b/openapi-specs/compute/32-05/desc/settings/oauth_get.md new file mode 100644 index 000000000..6dcf70fb5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/oauth_get.md @@ -0,0 +1,37 @@ +Returns the OAuth configuration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/oauth" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +{ + "enabled": true, + "clientID": "ef3a806a249a31b7d15e", + "clientSecret": { + "encrypted": "O27GsQ7PDX4LrVx6q+A7sMLUAKTbKU3DAYTZyaOhqTqdNwI7raKFCA3/RrmRPUgk" + }, + "providerName": "github", + "authURL": "https://github.com/login/oauth/authorize", + "tokenURL": "https://github.com/login/oauth/access_token", + "groupScope": "", + "groupClaim": "", + "userClaim": "", + "cert": "", + "openshiftBaseURL": "", + "openIDIssuesURL": "", + "providerAlias": "github_ss" +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/oauth_post.md b/openapi-specs/compute/32-05/desc/settings/oauth_post.md new file mode 100644 index 000000000..c593b9237 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/oauth_post.md @@ -0,0 +1,16 @@ +Configures the OAuth settings. + +For more information, see [GitHub OAuth](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oauth2_github) and [OpenShift](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oauth2_openshift) + +## cURL Request + +Refer to the following example cURL response: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"clientID":"ef3a806a249a31b7d15e","clientSecret":{"encrypted":"O27GsQ7PDX4LrVx6q+A7sMLUAKTbKU3DAYTZyaOhqTqdNwI7raKFCA3/RrmRPUgk"},"providerName":"github","authURL":"https://github.com/login/oauth/authorize","tokenURL":"https://github.com/login/oauth/access_token","providerAlias":"github_ss"}' \ + "https:///api/v/settings/oauth" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/oidc_get.md b/openapi-specs/compute/32-05/desc/settings/oidc_get.md new file mode 100644 index 000000000..ee439622b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/oidc_get.md @@ -0,0 +1,37 @@ +Returns the OpenID Connect configuration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/oidc" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +$ { + "enabled": true, + "clientID": "0oajdm6atavfYyJfr4x6", + "clientSecret": { + "encrypted": "rnEk+1be20FLv+BYnDX4s5/T0NOb49hkNkaZQtgiF7K2s65" + }, + "providerName": "", + "authURL": "", + "tokenURL": "", + "groupScope": "groups", + "groupClaim": "groups", + "userClaim": "", + "cert": "", + "openshiftBaseURL": "", + "openIDIssuesURL": "https://ss-123456.okta.com", + "providerAlias": "oidc_okta_ss" +} +``` diff --git a/openapi-specs/compute/32-05/desc/settings/oidc_post.md b/openapi-specs/compute/32-05/desc/settings/oidc_post.md new file mode 100644 index 000000000..e0270247e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/oidc_post.md @@ -0,0 +1,16 @@ +Configures the OpenID Connect settings. + +For more information, see [OIDC](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oidc). + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -d '{"enabled": true,"clientID":"0oajdm6atavfYyJfr4x6","clientSecret":{"encrypted":"rnEk+1be20FLv+BYnDX4s5/T0NOb49hkNkaZQtgiF7K2s65"},"groupScope":"groups","groupClaim":"groups","openIDIssuesURL":"https://ss-123456.okta.com","providerAlias":"oidc_okta_ss"}' \ + "https:///api/v/settings/oidc" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/pcf_get.md b/openapi-specs/compute/32-05/desc/settings/pcf_get.md new file mode 100644 index 000000000..5dc21eb17 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/pcf_get.md @@ -0,0 +1,11 @@ +This endpoint will return settings for PCF (Pivotal Cloud Foundry)Blobstore scanning, which can be found in the console under **Defend > Vulnerabilities > PCF Blobstore**. This requires that you have a defender configured for PCF Blobstore scanning. For more information, see [PCF blobstore scanning](https://docs.twistlock.com/docs/latest/vulnerability_management/pcf_blobstore.html). + +The following example curl command uses basic auth to retrieve the current PCF Blobstore scanning settings: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/pcf +``` diff --git a/openapi-specs/compute/32-05/desc/settings/pcf_post.md b/openapi-specs/compute/32-05/desc/settings/pcf_post.md new file mode 100644 index 000000000..139e947cb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/pcf_post.md @@ -0,0 +1,13 @@ +This endpoint will allow for updating settings for PCF (Pivotal Cloud Foundry) Blobstore scanning. + +The following example curl command uses basic auth to set up a PCF Blobstore scanner that scans the last `5` droplets for every droplet in the PCF Blobstore: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"cap":"5","cloudControllerAddress":"https://my-cloud-controller.twistlock.com","pattern":"*"}' \ + https://:8083/api/v1/settings/pcf +``` + diff --git a/openapi-specs/compute/32-05/desc/settings/projects_get.md b/openapi-specs/compute/32-05/desc/settings/projects_get.md new file mode 100644 index 000000000..f5dd20395 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/projects_get.md @@ -0,0 +1,24 @@ +Tells you whether the [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html) feature is enabled. +Projects are enabled when an instance of Console is designated as master. + +The following example curl command retrieves the state of the Projects feature from Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/projects +``` + +If you direct the request to a supervisor Console, the response object tells you the URL Central Console (master) uses to communicate with the supervisor Console. +All API calls must be proxied through Central Console, where the request is automatically rerouted to the appropriate supervisor Console. +To retrieve the Projects settings from a supervisor Console, append the `project` query parameter to your request. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/projects?project= +``` diff --git a/openapi-specs/compute/32-05/desc/settings/projects_post.md b/openapi-specs/compute/32-05/desc/settings/projects_post.md new file mode 100644 index 000000000..d29f8e9d5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/projects_post.md @@ -0,0 +1,16 @@ +Enables or disables the [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html) feature. +Projects are enabled when an instance of Console is designated as master. + +The following example curl command designates `` as master. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "master":true + }' \ + https://:8083/api/v1/settings/projects +``` diff --git a/openapi-specs/compute/32-05/desc/settings/proxy_get.md b/openapi-specs/compute/32-05/desc/settings/proxy_get.md new file mode 100644 index 000000000..9a4922d59 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/proxy_get.md @@ -0,0 +1,13 @@ +Returns the proxy settings for Prisma Cloud Compute containers to access the Internet. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/proxy" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/proxy_post.md b/openapi-specs/compute/32-05/desc/settings/proxy_post.md new file mode 100644 index 000000000..a1bdc07ed --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/proxy_post.md @@ -0,0 +1,19 @@ +Configures the proxy settings. + +For more information, see [Proxy Settings](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/proxy). + +## cURL Request + +Refer to the following example cURL request that specifies the proxy to use to access the Internet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "httpProxy":"http://proxyserver.example.com:8282" +}' \ + https:///api/v/settings/proxy +``` diff --git a/openapi-specs/compute/32-05/desc/settings/registry_get.md b/openapi-specs/compute/32-05/desc/settings/registry_get.md new file mode 100644 index 000000000..12745005d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/registry_get.md @@ -0,0 +1,25 @@ +Retrieves the list of registries Prisma Cloud is configured to scan. +It also retrieves a partial webhook URL. + +This endpoint maps to the following information on the **Defend > Vulnerabilities > Images > Registry settings** Console UI page: + +* **Registries** table data +* The URL suffix under **Webhooks** + +### Webhook + +You can optionally configure your registry with a webook to trigger Prisma Cloud to scan repositories when there is a pertinent event (e.g. a new image is pushed to the registry). + +Construct the full webhook using the publicly accessible DNS name or IP address, plus the webhook URL suffix. + +### cURL Request + +The following cURL command retrieves all the registries to scan and the URL suffix for the registry's webhook URL suffix. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/registry' +``` diff --git a/openapi-specs/compute/32-05/desc/settings/registry_post.md b/openapi-specs/compute/32-05/desc/settings/registry_post.md new file mode 100644 index 000000000..0fae2c481 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/registry_post.md @@ -0,0 +1,88 @@ +Specifies a single registry to scan. + +Each registry to scan is specified as an item in the `specifications` array. +The POST method appends an entry to the `specifications` array. +In contrast, the PUT method adds all registries in a single shot, completely overwriting any previous configuration by replacing the contents of the `specifications` array. +For more information about the `specifications` array, see the GET endpoint. + +The `version` string specifies the type of registry to scan. +It can be one of the following strings: + +* Amazon EC2 Container Registry: `aws` +* Azure Container Registry: `azure` +* CoreOS Quay: `coreos` +* Docker Registry v2: `2` +* Docker Trusted Registry: `dtr` +* Google Container Registry: `gcr` +* GitLab Container Registry: `gitlab` +* IBM Cloud Container Registry: `bluemix` +* JFrog Artifactory: `jfrog` +* Red Hat OpenShift: `redhat` +* Sonatype Nexus: `sonatype` + + +**Note**: From 22.11 (Lagrange) release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. + +The API response returns an HTTP 400 error, if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. + +**cURL Request** + +Refer to the following example cURL command that configures Prisma Cloud Compute to scan the Ubuntu 16.04 repository on Docker Hub: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' + { + "version": "2", + "registry": "", + "repository": "library/ubuntu", + "tag": "16.04", + "os": "linux", + "cap": 5, + "hostname": "", + "scanners": 2, + "collections": ["All"] + } ' \ + 'https:///api/v/settings/registry' +``` + +Starting with 30.03, you can directly add a GitLab Container Registry. +To add settings for a GitLab Container Registry, you must specify the following parameters: + +* **version**: Specify the value *gitlab* for GitLab Container Registry. +* **registry**: Specify the GitLab registry URL address. Example, for native registries, you can specify the address as "https://registry.gitlab.com" +* **credentialID**: Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has atleast the *read_api* scope. +* **gitlabRegistrySpec**: Specify at least one of the following fields: + * **userID**: Specify your GitLab user ID to add all registries associated with it. + * **projectIDs**: Specify the project IDs to add all registries associated with a GitLab project. + * **groupIDs**: Specify the group ID to add all registries associated with a GitLab group. + * **excludedGroupIDs**: Specify the top-level group IDs that you don't want to add. + +Refer to the following example cURL command: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' + { + "version":"gitlab", + "registry":"https://registry.gitlab.com", + "namespace":"", + "repository":"", + "tag":"", + "credentialID":"", + "os":"linux", + "harborDeploymentSecurity":false, + "collections":["All"], + "cap":5, + "scanners":2, + "versionPattern":"", + "gitlabRegistrySpec":{"userID":"14631394"} + } ' \ + 'https:///api/v/settings/registry' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/registry_put.md b/openapi-specs/compute/32-05/desc/settings/registry_put.md new file mode 100644 index 000000000..3768914f6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/registry_put.md @@ -0,0 +1,136 @@ +Updates the registries to scan. +The list of registries to scan is updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Images > Registry settings**. +2. Under the **Registries** table, add a registry item using **+ Add registry** +3. Click the **Save** button. + +**Note**: From 22.11 (Lagrange) release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. + +The API response returns an HTTP 400 error, if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up a registry for scanning:** + +1. Add your registry account information using this endpoint. + + For example, specify the location and credentials of an ECR registry in your AWS account. + +2. Prisma Cloud auto-discovers the images in the registries specified with this endpoint. + +3. The list of auto-discovered images is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/images` and `/policies/compliance/images` endpoints to assess each image. + + +### cURL Request + +Each registry to scan is specified as an item in the `specifications` array. + +**Note**: Submitting a PUT request with the `specifications` array will first erase all the existing Registry entries, and then insert the new `specifications` array from the PUT request. + +An empty body will also erase all the existing Registry entries. For more information, see [Remove a Registry](https://pan.dev/prisma-cloud/api/cwpp/put-settings-registry/#remove-a-registry). + +We recommend that you send a GET scan settings request via [Get Registry Settings](https://pan.dev/prisma-cloud/api/cwpp/get-settings-registry/) and save the JSON response before sending a PUT API request to update the Registry Settings. + +The critical fields for this endpoint are: + +* `registry` - String specifying the registry URL. +* `credentialID` - String specifying the registry credential. +* `version` - String specifying the type of registry to scan and may be one of the following strings: + +Version|Description + ---|--- + `aws`|Amazon EC2 Container Registry + `azure`|Azure Container Registry + `2`|Docker Registry v2 + `dtr`|Docker Trusted Registry + `gcr`|Google Container Registry + `jfrog`|JFrog Artifactory + `sonatype`|Sonatype Nexus + `coreos`|CoreOS Quay + `redhat`|Red Hat OpenShift + `bluemix`|IBM Cloud Container Registry + +The remaining fields in the `specifications` object (e.g., `repository`, `exclusions`, etc.) are optional. +They let you refine the scope of what Prisma Cloud auto-discovers. + +**Note:** An empty string in `registry` implicitly refers to Docker Hub. +In `repository`, use the `library/` namespace to specify a [Docker official image](https://docs.docker.com/docker-hub/official_images/). +To see the current list of Docker official images, see [here](https://github.com/docker-library/official-images/tree/master/library). + +#### Set up a Private Registry for Scanning + +Most registries you'll configure for scanning will be private. +Prisma Cloud needs credentials to access private registries. +To set this up: + +* Create the credentials with the `/credentials` endpoint. +* Retrieve the credential ID from the `/credentials` endpoint (`_id`). +* Create the registry setting with the recommended minimum required fields (`version`, `registry`, and `credentialID`). + +#### Example cURL Request + +The following cURL command overwrites the current list of registries to scan with two new registries: + +* The official Ubuntu 18.04 image in Docker Hub +* All repositories in a private AWS ECR registry + +```bash +$ curl 'https:///api/v/settings/registry' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '{ + "specifications": [ + { + "version": "2", + "registry": "", + "repository": "library/ubuntu", + "tag": "18.04", + "os": "linux", + "cap": 5, + "credentialID": "", + "scanners": 2, + "collections": ["All"] + }, + { + "version": "aws", + "registry": ".dkr.ecr..amazonaws.com", + "os": "linux", + "credentialID": "", + "scanners": 2, + "cap": 5, + "collections": ["All"] + } + ] + }' +``` + +**Note:** No response will be returned upon successful execution. + +### Remove a Registry + +To remove a registry from the list: + +1. Retrieve the current list using the GET method. +2. Remove the entry from the `specifications` JSON array in the response. +3. Use the PUT method to submit the updated JSON object. + +To delete all entries, submit an empty `specifications` array. For example: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"specifications":[]}' \ + https:///api/v/settings/registry +``` diff --git a/openapi-specs/compute/32-05/desc/settings/saml_get.md b/openapi-specs/compute/32-05/desc/settings/saml_get.md new file mode 100644 index 000000000..f2228a440 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/saml_get.md @@ -0,0 +1,13 @@ +Returns the configured SAML settings that is used to authenticate to the Prisma Cloud Compute console. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/settings/saml +``` diff --git a/openapi-specs/compute/32-05/desc/settings/saml_post.md b/openapi-specs/compute/32-05/desc/settings/saml_post.md new file mode 100644 index 000000000..0bd9c4a25 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/saml_post.md @@ -0,0 +1,28 @@ +Configures the SAML settings that is used to authenticate to the Prisma Cloud Compute. + +For more information, see [Okta via SAML 2.0](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml), [G Suite via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_google_g_suite), [Azure AD via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_azure_active_directory), [PingFederate via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_ping_federate), and [ADFS via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_active_directory_federation_services). + +## cURL Request + +Refer to the following example cURL request that uses the basic auth to set up and enable the SAML integration with Prisma Cloud Compute: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "enabled": true, + "url": "https://my-adfs-server.twistlock.com/adfs/SSO", + "cert": "", + "issuer": "https://my-adfs-server.twistlock.com/adfs/services/trust", + "type": "adfs", + "audience": "twistlock", + "appId": "", + "tenantId": "", + "appSecret": { + "encrypted": "" + } + }' \ + "https:///api/v/settings/saml" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/scan_get.md b/openapi-specs/compute/32-05/desc/settings/scan_get.md new file mode 100644 index 000000000..5c1df30a2 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/scan_get.md @@ -0,0 +1,13 @@ +Returns the global settings for image, host, container, and registry scanning. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/scan" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/scan_post.md b/openapi-specs/compute/32-05/desc/settings/scan_post.md new file mode 100644 index 000000000..f043d1c9f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/scan_post.md @@ -0,0 +1,25 @@ +Configures the Prisma Cloud Compute scanner settings. + +For more information, see [Configure Scanning](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/configure_scan_intervals). +## cURL Request + +Refer to the following example cURL request that configures the following scan intervals: + +* Scan registries and serverless functions once per week. +* Scan images, containers, and hosts once per day. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "imagesScanPeriodMs":86400000, + "containersScanPeriodMs": 86400000, + "systemScanPeriodMs": 86400000, + "serverlessScanPeriodMs": 604800000, + "registryScanPeriodMs":604800000 +}' \ + "https:///api/v/settings/scan" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/secrets_get.md b/openapi-specs/compute/32-05/desc/settings/secrets_get.md new file mode 100644 index 000000000..75e2b32c7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/secrets_get.md @@ -0,0 +1,11 @@ +This endpoint will return configured secret store already configured in the console. This can be found in the console under **Manage > Authentication > Secrets**. + +The following example curl command retrieves any configured secret stores, as well as the refresh period in hours: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/secrets +``` diff --git a/openapi-specs/compute/32-05/desc/settings/secrets_post.md b/openapi-specs/compute/32-05/desc/settings/secrets_post.md new file mode 100644 index 000000000..d302ecdf8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/secrets_post.md @@ -0,0 +1,32 @@ +Updates the secret store settings found in the console under **Manage > Authentication > Secrets**. + +Please note the data structure returned from endpoint /settings/secrets GET to set in POST + +Refer to the following example curl command that adds a CyberArk secret store to the console with the appID set to `Prisma_Cloud_Compute_Console` and set the URL to `https://services-myca.twistlock.com:10882`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "secretsStores": [ + { + "name": "Cyberark", + "type": "cyberark", + "appID": "Prisma_Cloud_Compute_Console", + "url": "https://services-myca.twistlock.com:10882", + "caCert": { + "encrypted": "" + }, + "clientCert": { + "encrypted": "" + }, + "useAWSRole": false, + "region": "", + "credentialId": "", + "roleArn": "" + } + ]}' \ + https://:8083/api/v/settings/secrets +``` diff --git a/openapi-specs/compute/32-05/desc/settings/serverless-scan_get.md b/openapi-specs/compute/32-05/desc/settings/serverless-scan_get.md new file mode 100644 index 000000000..bb8ce06ba --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/serverless-scan_get.md @@ -0,0 +1,18 @@ +Retrieves the list of serverless function scan scopes. +Serverless scan scopes specify a region and a credential. + +This endpoint maps to the **Function scope** table data in the **Defend > Vulnerabilities > Functions > Functions** Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of serverless scan scopes: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/serverless-scan' +``` + +A successful response returns a list of scan scopes. diff --git a/openapi-specs/compute/32-05/desc/settings/serverless-scan_post.md b/openapi-specs/compute/32-05/desc/settings/serverless-scan_post.md new file mode 100644 index 000000000..0be8ba648 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/serverless-scan_post.md @@ -0,0 +1,56 @@ +Adds serverless function providers to scan for vulnerabilities. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Functions > Functions**. +2. Under the **Function scope** table, add a registry item using **+ Add scope** + + **Note:** If the table is not present, use the **Add the first item** link. + +3. Click the **Save** button. + + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up a scope for serverless scanning:** + +1. Add your scope information using this endpoint. + + For example, specify a region and credentials for accessing the AWS account. + +2. Prisma Cloud auto-discovers the serverless functions in scope. + +3. The list of auto-discovered serverless functions is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/serverless` endpoint to assess each serverless function. + +### cURL Request + +Each scan scope is specified as an element in array. + +The critical fields for this endpoint are: + +* `provider` - Host provider name. For example, `aws` refers to Amazon Web Services. +* `credentialID` - ID of the credentials in the credentials store to authenticate against the service provider. + +Refer to the following example cURL command that adds serverless scan scopes to scan with a new single serverless scan scope. + +```bash +$ curl 'https:///api/v/settings/serverless-scan' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "provider": "aws", + "credential":{}, + "credentialID":"IAM Role" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/settings/serverless_get.md b/openapi-specs/compute/32-05/desc/settings/serverless_get.md new file mode 100644 index 000000000..b6122c460 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/serverless_get.md @@ -0,0 +1,11 @@ +This endpoint will return any configured serverless function scanners found in **Defend > Vulnerabilities > Functions**. + +The following example curl command uses basic auth to retrieve serverless settings in an array, sorted by Cloud Provider: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/serverless +``` diff --git a/openapi-specs/compute/32-05/desc/settings/serverless_post.md b/openapi-specs/compute/32-05/desc/settings/serverless_post.md new file mode 100644 index 000000000..6e26ea1d3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/serverless_post.md @@ -0,0 +1,23 @@ +This endpoint will add serverless function providers to scan for vulnerabilities. + +The following example curl command uses basic auth to add a serverless account to scan for serverless functions. This is assuming that you already have the [credential](https://docs.twistlock.com/docs/latest/configure/credentials_store.html) added to the console that is needed to scan that provider: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '[ + { + "provider": "aws", + "region": "us-east-1", + "pattern": "*", + "cap": 5, + "useAWSRole": false, + "credential": { + "_id": "AWS" + } + } +]' \ + https://:8083/api/v1/settings/serverless +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/serverless_scan_put.md b/openapi-specs/compute/32-05/desc/settings/serverless_scan_put.md new file mode 100644 index 000000000..1b4999575 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/serverless_scan_put.md @@ -0,0 +1,31 @@ +Updates the serverless scan scopes. +All scan scopes are updated in a single shot. + +### cURL Request + +Each scan scope is specified as an element in array. + +The critical fields for this endpoint are: + +* `provider` - Host provider name. For example, `aws` refers to Amazon Web Services. +* `credentialID` - ID of the credentials in the credentials store to authenticate against the service provider. + +Refer to the following example cURL command that overwrites all serverless scan scopes to scan with a new single serverless scan scope: + +```bash +$ curl 'https:///api/v/settings/serverless-scan' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "provider": "aws", + "credential":{}, + "credentialID":"IAM Role" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/settings.md b/openapi-specs/compute/32-05/desc/settings/settings.md new file mode 100644 index 000000000..050b83d4a --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/settings.md @@ -0,0 +1 @@ +Configure your Prisma Cloud Compute installation. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/system_get.md b/openapi-specs/compute/32-05/desc/settings/system_get.md new file mode 100644 index 000000000..6f893abf0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/system_get.md @@ -0,0 +1,11 @@ +This endpoint will return all system settings in JSON format. + +The following example curl command does exactly that: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/system +``` diff --git a/openapi-specs/compute/32-05/desc/settings/tas_get.md b/openapi-specs/compute/32-05/desc/settings/tas_get.md new file mode 100644 index 000000000..52f392433 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/tas_get.md @@ -0,0 +1,13 @@ +Retrieves Tanzu Application Service (TAS) settings. + +### cURL Request + +Refer to the following example cURL command that retrieves all TAS settings: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/tas" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/tas_post.md b/openapi-specs/compute/32-05/desc/settings/tas_post.md new file mode 100644 index 000000000..cd783e3f4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/tas_post.md @@ -0,0 +1,22 @@ +Sets the Tanzu Application Service (TAS) settings. + +### cURL Request + +Refer to the following example cURL command that configures the TAS settings: + +```bash +$ curl 'https:///api/v/settings/tas' + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "cap": 5, + "cloudControllerAddress": "https://example.com", + "hostname": "vm-host", + "pattern": "droplet-name" + } + ]' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/settings/telemetry_get.md b/openapi-specs/compute/32-05/desc/settings/telemetry_get.md new file mode 100644 index 000000000..6460c3fc3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/telemetry_get.md @@ -0,0 +1,15 @@ +Returns the telemetry settings that anonymously reports the threats and vulnerabilities to Prisma Cloud Compute. + +For more information, see [telemetry](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/telemetry) article. + +## cURL Request + +Refer to the following example cURL request that retrieves the settings if telemetry is enabled or not: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/telemetry" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/telemetry_post.md b/openapi-specs/compute/32-05/desc/settings/telemetry_post.md new file mode 100644 index 000000000..bc97a6d0f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/telemetry_post.md @@ -0,0 +1,16 @@ +Enables or disables the telemetry feature. + +For more information, see [telemetry](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/telemetry) article. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to turn off telemetry: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"enabled":false}' \ + "https:///api/v/settings/telemetry" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/trusted_certificate_post.md b/openapi-specs/compute/32-05/desc/settings/trusted_certificate_post.md new file mode 100644 index 000000000..5a2a30bda --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/trusted_certificate_post.md @@ -0,0 +1,21 @@ +Adds a certificate to the list of explicitly trusted certificates. + +Use this endpoint to control how users authenticate to Prisma Cloud Compute. +Users employ client certificates to authenticate commands sent from a Docker client through Prisma Cloud Compute. + +> **_NOTE:_** You can only add a custom certificate if the trusted certificates mode is enabled. +For more information, see the `/settings/trusted-certificates` endpoint. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to add a certificate to the list: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"certificate": "-----BEGIN CERTIFICATE-----\nMIIDUTCCAjmgAwIBAgI......XMKXJA==\n-----END CERTIFICATE-----" }' + "https:///api/v/settings/trusted-certificate" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/trusted_certificates_post.md b/openapi-specs/compute/32-05/desc/settings/trusted_certificates_post.md new file mode 100644 index 000000000..78c07982b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/trusted_certificates_post.md @@ -0,0 +1,21 @@ +Enables authentication for just an explicit list of trusted certificates. + +Use this endpoint to control how users authenticate to Prisma Cloud Compute. +Users employ client certificates to authenticate commands sent from a Docker client through Prisma Cloud Compute. + +> **_NOTE:_** This feature can only be enabled if a custom certificate authority has been configured. +For more information, see the `/settings/certificates` endpoint. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to enable this feature: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"enabled" : true }' + "https:///api/v/settings/trusted-certificates" +``` diff --git a/openapi-specs/compute/32-05/desc/settings/vm_get.md b/openapi-specs/compute/32-05/desc/settings/vm_get.md new file mode 100644 index 000000000..8043742f5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/vm_get.md @@ -0,0 +1,15 @@ +Retrieves the list of VM image scan scopes. + +This endpoint maps to the **VM images scope** table data in the **Defend > Vulnerabilities > Hosts > VM images** Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all the scopes used for pattern matching on VM functions: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/vm' +``` diff --git a/openapi-specs/compute/32-05/desc/settings/vm_put.md b/openapi-specs/compute/32-05/desc/settings/vm_put.md new file mode 100644 index 000000000..9eda02855 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/vm_put.md @@ -0,0 +1,56 @@ +Updates the list of VM image scan scopes. +The list of scopes are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Hosts > VM images**. +2. Under the **VM images scope** table, add a registry item using **+ Add scope**. + + **Note:** If the **+ Add scope** button is not present, use the **Add the first item** link. + +3. Click the **Save** button. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. +Prisma Cloud auto-discovers the VM images in your cloud account according to the scan scopes specified in `/settings/vm`. +The list of auto-discovered VM images is passed to the scanner for evaluation. +The scanner uses the corresponding `/policies/vulnerability/vms` endpoint to assess each VM image. + +### cURL Request + +Each VM image scan scope is specified as an element in the endpoint's payload array. + +The critical fields for this endpoint are: + +* `version` - Cloud provider. +Currently, only Amazon AWS is supported. +* `region` - Region to scan. +* `credentialID` - Credential ID from the credentials store so Prisma Cloud can authenticate with the cloud provider to access the VM images. +* `collections` - Filter for refining the scope of VM images to scan. +You can scope by VM image name and AWS tag. +* `consoleAddr` - Address for Console that Defender (the scanner) can reach over the network to publish scan results. + +Refer to the following example cURL command that overwrites all current scan scopes with single scan scope: + +```bash +$ curl 'https:///api/v/settings/vm' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "version":"aws", + "region":"us-east-1", + "credentialID":"IAM Role", + "collections":[{"name":"All"}], + "cap": 5, + "scanners": 1, + "consoleAddr":"127.0.0.1" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/settings/wildfire_get.md b/openapi-specs/compute/32-05/desc/settings/wildfire_get.md new file mode 100644 index 000000000..494d94018 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/settings/wildfire_get.md @@ -0,0 +1 @@ +Returns the wildfire settings. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/signup/post.md b/openapi-specs/compute/32-05/desc/signup/post.md new file mode 100644 index 000000000..1db21df29 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/signup/post.md @@ -0,0 +1,31 @@ +Creates the initial admin user after Console is first installed. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +The following cURL command creates the initial admin user with the username `admin` and password `password`. + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"username": "admin", "password": "password"}' \ + https:///api/v1/signup +``` + +**Note:** The username and password values are case-sensitive. + +### Responses + +**Success Response:** No response will return if the user creation is successful. + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` + +**Error Response:** An error response will return the following response if the initial sign up process was previously completed. + +```bash +{"err":"system already initialized"} +``` diff --git a/openapi-specs/compute/32-05/desc/signup/signup.md b/openapi-specs/compute/32-05/desc/signup/signup.md new file mode 100644 index 000000000..05534013f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/signup/signup.md @@ -0,0 +1,8 @@ +Creates the initial admin user after Console is first installed, to help automation of Console setup. +Invoke this endpoint after Prisma Cloud Compute is first installed. + +You can use this endpoint along with other endpoints to automate the Prisma Cloud Compute installation and setup. +For example, see `POST /api/v1/settings/license` to automate the submission of your license key. + +**Note:** This sign up endpoint can only be executed once from Console *or* the API. +Invoking this endpoint after completion of the initial sign up will result in a `400` error response. diff --git a/openapi-specs/compute/32-05/desc/static/capabilities_get.md b/openapi-specs/compute/32-05/desc/static/capabilities_get.md new file mode 100644 index 000000000..ea119d2a9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/static/capabilities_get.md @@ -0,0 +1,9 @@ +Returns a list of capabilities used in host models. + +```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/capabilities +``` diff --git a/openapi-specs/compute/32-05/desc/static/regions_get.md b/openapi-specs/compute/32-05/desc/static/regions_get.md new file mode 100644 index 000000000..4a07097ee --- /dev/null +++ b/openapi-specs/compute/32-05/desc/static/regions_get.md @@ -0,0 +1,9 @@ +Returns a list of regions used in cloud radar. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/regions +``` diff --git a/openapi-specs/compute/32-05/desc/static/static.md b/openapi-specs/compute/32-05/desc/static/static.md new file mode 100644 index 000000000..f4a53ca75 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/static/static.md @@ -0,0 +1 @@ +Return lists of constants used throughout the product. diff --git a/openapi-specs/compute/32-05/desc/static/syscalls_get.md b/openapi-specs/compute/32-05/desc/static/syscalls_get.md new file mode 100644 index 000000000..9e2ddcde7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/static/syscalls_get.md @@ -0,0 +1,10 @@ +Returns a list of the Linux kernel system calls. +Runtime rules for containers can allow-list and deny-list specific system calls. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/syscalls +``` diff --git a/openapi-specs/compute/32-05/desc/static/vulnerabilities_get.md b/openapi-specs/compute/32-05/desc/static/vulnerabilities_get.md new file mode 100644 index 000000000..cb6acab28 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/static/vulnerabilities_get.md @@ -0,0 +1,12 @@ +Returns a list of static compliance and vulnerability data. +This data can be used for building out reports with the API. +This data can be correlated with the `/api/v1/images` endpoint, specifically the the `complianceVulnerabilities` and `cveVulnerabilities` objects, to generate more thorough reports. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/vulnerabilities +``` + diff --git a/openapi-specs/compute/32-05/desc/stats/app_firewall_count_get.md b/openapi-specs/compute/32-05/desc/stats/app_firewall_count_get.md new file mode 100644 index 000000000..06641d791 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/app_firewall_count_get.md @@ -0,0 +1 @@ +Returns the number of application firewalls in use. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/stats/compliance.md b/openapi-specs/compute/32-05/desc/stats/compliance.md new file mode 100644 index 000000000..5c5be3991 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/compliance.md @@ -0,0 +1,13 @@ +Returns statistics on the number of compliance issues found on hosts/images/serverless/containers in your environment, organized by day (`_id`). This will also return a list of all of the compliance issues affecting the resources in your environment for each day. + +For the current day, the response will also include detailed compliance stats for each running container and host at the time of the last scan. + +The following example command that uses curl and basic auth to retrieve compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/compliance +``` diff --git a/openapi-specs/compute/32-05/desc/stats/compliance_download_get.md b/openapi-specs/compute/32-05/desc/stats/compliance_download_get.md new file mode 100644 index 000000000..63fddf971 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/compliance_download_get.md @@ -0,0 +1 @@ +Downloads the compliance stats \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/stats/compliance_get.md b/openapi-specs/compute/32-05/desc/stats/compliance_get.md new file mode 100644 index 000000000..314f6a179 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/compliance_get.md @@ -0,0 +1,22 @@ +Returns compliance statistics, including: + +* Compliance rate by regulation, CIS benchmark, and policy rule. +* Trend of failed compliance checks over time. +* List of all compliance checks with their corresponding compliance rate. + +This endpoint maps to the table in **Monitor > Compliance > Compliance explorer** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/compliance' +``` + +A successful response returns a summary count of compliance issues. +The response also shows a detailed list of compliance issues for each running container and host. diff --git a/openapi-specs/compute/32-05/desc/stats/compliance_refresh.md b/openapi-specs/compute/32-05/desc/stats/compliance_refresh.md new file mode 100644 index 000000000..b75491a69 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/compliance_refresh.md @@ -0,0 +1,13 @@ +Refreshes the current day's compliance violations counts and list, as well as the affected running resources. + +The response will return exactly what the /statistics/compliance endpoint returns, only with updated statistics for the current day. + +The following example command that uses curl and basic auth to refresh compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/stats/compliance +``` diff --git a/openapi-specs/compute/32-05/desc/stats/compliance_refresh_post.md b/openapi-specs/compute/32-05/desc/stats/compliance_refresh_post.md new file mode 100644 index 000000000..541a54d16 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/compliance_refresh_post.md @@ -0,0 +1,16 @@ +Refreshes the current day's list and counts of compliance issues, as well as the list of affected running resources. + +This endpoint returns the same response as `/api/v/stats/compliance`, but with updated data for the current day. + +### cURL Request + +Refer to the following example cURL command that refreshes compliance statistics for the current day: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + 'https:///api/v/stats/compliance/refresh' +``` +A successful response returns a summary count of compliance issues for the current day. The response also shows a detailed list of compliance issues for each running container and host for the current day. diff --git a/openapi-specs/compute/32-05/desc/stats/daily.md b/openapi-specs/compute/32-05/desc/stats/daily.md new file mode 100644 index 000000000..082f58a27 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/daily.md @@ -0,0 +1,11 @@ +Returns daily statistics about the resources protected by Prisma Cloud Compute, including the total number of generated runtime audits, number of image vulnerabilities and compliance violations, etc. + +The following example command that uses curl and basic auth to retrieve daily stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/daily +``` diff --git a/openapi-specs/compute/32-05/desc/stats/daily_get.md b/openapi-specs/compute/32-05/desc/stats/daily_get.md new file mode 100644 index 000000000..0db89bdc3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/daily_get.md @@ -0,0 +1,11 @@ +Returns a historical list of per-day statistics for the resources protected by Prisma Cloud Compute, including the total number of runtime audits, image vulnerabilities, and compliance violations. + +The following example command uses curl and basic auth to retrieve the daily stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/daily +``` diff --git a/openapi-specs/compute/32-05/desc/stats/dashboard.md b/openapi-specs/compute/32-05/desc/stats/dashboard.md new file mode 100644 index 000000000..be90a2d32 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/dashboard.md @@ -0,0 +1,11 @@ +Returns daily statistics about the resources protected by Prisma Cloud Compute, including the total number of generated runtime audits, number of image vulnerabilities and compliance violations, etc. + +The following example command that uses curl and basic auth to retrieve dashboard stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/dashboard +``` diff --git a/openapi-specs/compute/32-05/desc/stats/dashboard_get.md b/openapi-specs/compute/32-05/desc/stats/dashboard_get.md new file mode 100644 index 000000000..601769645 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/dashboard_get.md @@ -0,0 +1,13 @@ +Returns statistics about the resources protected by Prisma Cloud Compute, including the total number of runtime audits, image vulnerabilities, and compliance violations. + +### cURL Request + +Refer to the following example cURL command that retrieves dashboard stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/dashboard +``` diff --git a/openapi-specs/compute/32-05/desc/stats/events_get.md b/openapi-specs/compute/32-05/desc/stats/events_get.md new file mode 100644 index 000000000..3be5eb4e7 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/events_get.md @@ -0,0 +1,37 @@ +Returns events statistics for your environment. + +### cURL Request + +Refer to the following example cURL command retrieves event stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/events +``` + +### Response + + +```json +{ + "containerAppFirewall": 0, + "hostAppFirewall": 0, + "containerRuntime": 0, + "containerNetworkFirewall": 0, + "hostRuntime": 0, + "hostNetworkFirewall": 0, + "hostActivities": 0, + "raspAppFirewall": 0, + "raspRuntime": 0, + "serverlessRuntime": 0, + "logInspection": 0, + "fileIntegrity": 0, + "dockerAccess": 0, + "kubernetesAudits": 0, + "trustAudits": 0 +} +``` + diff --git a/openapi-specs/compute/32-05/desc/stats/license_get.md b/openapi-specs/compute/32-05/desc/stats/license_get.md new file mode 100644 index 000000000..1e7f713ca --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/license_get.md @@ -0,0 +1 @@ +Returns the license stats including the credit per defender. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/stats/stats.md b/openapi-specs/compute/32-05/desc/stats/stats.md new file mode 100644 index 000000000..772f66287 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/stats.md @@ -0,0 +1 @@ +Return vulnerability and compliance stats for your environment. diff --git a/openapi-specs/compute/32-05/desc/stats/vulnerabilities.md b/openapi-specs/compute/32-05/desc/stats/vulnerabilities.md new file mode 100644 index 000000000..40c4dd1f1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/vulnerabilities.md @@ -0,0 +1,13 @@ +Returns statistics on the number of CVEs found on hosts/images/serverless/containers in your environment, organized by day (`_id`). This will also return a list of all of the CVEs affecting the resources in your environment for each day. + +For the current day, the response will also include descriptions of the CVEs currently affecting the resources in your environment. + +The following example command that uses curl and basic auth to retrieve vulnerability statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/vulnerabilities +``` diff --git a/openapi-specs/compute/32-05/desc/stats/vulnerabilities_download_get.md b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_download_get.md new file mode 100644 index 000000000..753af8c7f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_download_get.md @@ -0,0 +1,26 @@ +Downloads a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment in a CSV format. + +The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. +- The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API `/stats/vulnerabilities` are returned as zero and empty in the API `/stats/vulnerabilites/download`. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that downloads a summary count of the CVEs and detailed descriptions for each CVE in a CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + - o \ + 'https:///api/v/stats/vulnerabilities/download' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/stats/vulnerabilities_get.md b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_get.md new file mode 100644 index 000000000..1a6f1c152 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_get.md @@ -0,0 +1,31 @@ +Returns a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment. + +The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts. + +This endpoint maps to the table in **Monitor > Vulnerabilities > Vulnerability explorer** in the Console UI. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. +- The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API `/stats/vulnerabilities` are returned as zero and empty in the API `/stats/vulnerabilites/download`. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that retrieves a summary count of the CVEs and detailed descriptions for each CVE: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities' +``` + +### cURL Response + +A successful response returns a summary count of the CVEs and detailed descriptions for each CVE. diff --git a/openapi-specs/compute/32-05/desc/stats/vulnerabilities_impacted_resources_download_get.md b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_impacted_resources_download_get.md new file mode 100644 index 000000000..0821d6a9f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_impacted_resources_download_get.md @@ -0,0 +1,24 @@ +Downloads a list of impacted resources for a specific vulnerability in a CSV format. +This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that downloads a list of impacted resources for `CVE-2015-0313` in a CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + "https:///api/v/stats/vulnerabilities/impacted-resources/download?cve=CVE-2015-0313" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/stats/vulnerabilities_impacted_resources_get.md b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_impacted_resources_get.md new file mode 100644 index 000000000..c1e6d0ba2 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_impacted_resources_get.md @@ -0,0 +1,116 @@ +Generates a list of impacted resources for a specific vulnerability. +This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE. + +Prisma Cloud Compute recalculates the stats for your environment every 24 hours. +Alternatively, you can manually update the stats by clicking the Refresh button in Vulnerability Explorer. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of impacted resources for `CVE-2022-28391`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2022-28391' +``` +### cURL Response + +Refer to the following example JSON response that shows the risk tree for the impacted resources: + +```bash +{ + "_id": "CVE-2022-28391", + "images": [ + { + "resourceID": "sha256:a787cb9865032e5b5a407ecdf34b57a23a4a076aaa043d71742ddb6726ec9229", + "containers": [ + { + "image": "alpine:3.11", + "container": "mystifying_banzai", + "host": "jen-sle12-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal", + "factors": { + "rootPrivilege": true + } + }, + { + "image": "alpine:3.11", + "container": "compassionate_austin", + "host": "jen-sle15-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal", + "factors": { + "rootPrivilege": true + } + }, + ... + }, + { + "resourceID": "sha256:fcd5d51fc526ef1ff7cf2e94aa91be39d052874057ff603b66b9b461386fae93", + "containers": [ + { + "image": "infoslack/dvwa:latest", + "factors": {} + } + ] + }, + { + "resourceID": "sha256:bc6b65772f298854ea0dca7d562684cb835f2f677e0e2ea1863b4566f29dcac1", + "containers": [ + { + "image": "ghcr.io/christophetd/log4shell-vulnerable-app:latest", + "factors": {} + } + ] + }, + ... + ], + "hosts": [ + { + "resourceID": "jen-ubu2204-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal" + }, + { + "resourceID": "jen-ubu2004-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal" + }, + ... + ], + "imagesCount": 5, + "hostsCount": 21, + "functionsCount": 0, + "codeReposCount": 0, + "registryImagesCount": 0 +} +``` + +### cURL Request + +Refer to the following example cURL command that retrieves a the impacted registry images `CVE-2015-0313` by using an optional query parameter `resourceType`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&resourceType=registryImage' +``` +**Note**: The API returns the impacted registry images only when you use the optional `resourceType` parameter with value `registryImage`. + +### cURL Request + +Refer to the following example cURL command that retrieves a paginated list of impacted resources for `CVE-2015-0313` by using optional query parameters `limit` and `offset`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&offset=10&limit=100' +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/stats/vulnerabilities_refresh.md b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_refresh.md new file mode 100644 index 000000000..505a99d98 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_refresh.md @@ -0,0 +1,13 @@ +Refreshes the current day's CVE counts and CVE list, as well as their descriptions. + +The response will return exactly what the /statistics/vulnerabilities endpoint returns, only with updated statistics for the current day. + +The following example command that uses curl and basic auth to refresh vulnerability statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/stats/vulnerabilities/refresh +``` diff --git a/openapi-specs/compute/32-05/desc/stats/vulnerabilities_refresh_post.md b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_refresh_post.md new file mode 100644 index 000000000..1e3210e18 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/vulnerabilities_refresh_post.md @@ -0,0 +1,16 @@ +Refreshes the current day's CVE counts and CVE list, as well as their descriptions. + +This endpoint returns the same response as `/api/v/stats/vulnerabilities`, but with updated data for the current day. + +### cURL Request + +Refer to the following example cURL command that refreshes the vulnerability statistics for current day: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + 'https:///api/v/stats/vulnerabilities/refresh' +``` +A successful response returns a summary count of the CVEs and detailed descriptions for each CVE for the current day. diff --git a/openapi-specs/compute/32-05/desc/stats/workload_get.md b/openapi-specs/compute/32-05/desc/stats/workload_get.md new file mode 100644 index 000000000..a25deed5c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/stats/workload_get.md @@ -0,0 +1,23 @@ +Returns the workload statistics from Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/workload +``` + +Here is an example of when would be returned: + +```json +{ + "Timestamp": "0001-01-01T00:00:00Z", + "HourSamples": 0, + "HourAvg": 0, + "DailySamples": null, + "exceeded": false, + "avg": 0, + "msg": "" +} +``` diff --git a/openapi-specs/compute/32-05/desc/statuses/buildah_get.md b/openapi-specs/compute/32-05/desc/statuses/buildah_get.md new file mode 100644 index 000000000..764b5413e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/statuses/buildah_get.md @@ -0,0 +1 @@ +Returns the buildah status. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/statuses/intelligence.md b/openapi-specs/compute/32-05/desc/statuses/intelligence.md new file mode 100644 index 000000000..74da8c7ff --- /dev/null +++ b/openapi-specs/compute/32-05/desc/statuses/intelligence.md @@ -0,0 +1,11 @@ +Returns the connection status of the intelligence stream and the last intelligence stream update. + +The following is an example curl using basic auth to find the intelligence stream status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/intelligence +``` diff --git a/openapi-specs/compute/32-05/desc/statuses/intelligence_get.md b/openapi-specs/compute/32-05/desc/statuses/intelligence_get.md new file mode 100644 index 000000000..c18dd9611 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/statuses/intelligence_get.md @@ -0,0 +1,11 @@ +Returns the connection status for the Intelligence Stream, along with the time of the last update. + +The following is an example curl using basic auth to find the intelligence stream status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/intelligence +``` diff --git a/openapi-specs/compute/32-05/desc/statuses/registry_get.md b/openapi-specs/compute/32-05/desc/statuses/registry_get.md new file mode 100644 index 000000000..427c4915c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/statuses/registry_get.md @@ -0,0 +1,29 @@ +Returns the status of a regular registry scan that might include the following information: +- Scan is completed: `"completed": true` +- Scan is ongoing. +- Errors: 10 most recent aggregated errors that occured during the scan with error messages such as: + - "Failed to retrieve repositories info..." + - "Failed to query image details..." + - "No available Defender was found" + +To view the more details about the progress of a regular or on-demand registry scan, use the `/registry/progress` API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/statuses/registry +``` +### Response + +```json +{ + "scanTime": "2019-07-31T19:42:49.036311567Z", + "completed": true +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/statuses/secrets_get.md b/openapi-specs/compute/32-05/desc/statuses/secrets_get.md new file mode 100644 index 000000000..510f15161 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/statuses/secrets_get.md @@ -0,0 +1,11 @@ +Returns the connection status of any secret stores you have configured, as well as the last update to the secret store. + +The following is an example curl using basic auth to find the secret store status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/secrets +``` diff --git a/openapi-specs/compute/32-05/desc/statuses/serverless-radar_get.md b/openapi-specs/compute/32-05/desc/statuses/serverless-radar_get.md new file mode 100644 index 000000000..3bfdbb5bf --- /dev/null +++ b/openapi-specs/compute/32-05/desc/statuses/serverless-radar_get.md @@ -0,0 +1,9 @@ +Returns the status of the serverless scans. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/serverless-radar +``` diff --git a/openapi-specs/compute/32-05/desc/statuses/statuses.md b/openapi-specs/compute/32-05/desc/statuses/statuses.md new file mode 100644 index 000000000..c5f68b29e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/statuses/statuses.md @@ -0,0 +1 @@ +Return connection and scan statuses for the various Prisma Cloud Compute subsystems. diff --git a/openapi-specs/compute/32-05/desc/tags/get.md b/openapi-specs/compute/32-05/desc/tags/get.md new file mode 100644 index 000000000..6da7ad135 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tags/get.md @@ -0,0 +1,14 @@ +Retrieves a list of tags. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of tags: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tags" +``` +A successful response returns a list of defined tags. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png b/openapi-specs/compute/32-05/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png new file mode 100644 index 000000000..ae8deb86f Binary files /dev/null and b/openapi-specs/compute/32-05/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png differ diff --git a/openapi-specs/compute/32-05/desc/tags/img/CentOS-Vuln-Bin-Package-Info.png b/openapi-specs/compute/32-05/desc/tags/img/CentOS-Vuln-Bin-Package-Info.png new file mode 100644 index 000000000..0fb452cde Binary files /dev/null and b/openapi-specs/compute/32-05/desc/tags/img/CentOS-Vuln-Bin-Package-Info.png differ diff --git a/openapi-specs/compute/32-05/desc/tags/img/Tagged-Vulnerability.png b/openapi-specs/compute/32-05/desc/tags/img/Tagged-Vulnerability.png new file mode 100644 index 000000000..f289b080c Binary files /dev/null and b/openapi-specs/compute/32-05/desc/tags/img/Tagged-Vulnerability.png differ diff --git a/openapi-specs/compute/32-05/desc/tags/img/Tagging-only-Vulnerability.png b/openapi-specs/compute/32-05/desc/tags/img/Tagging-only-Vulnerability.png new file mode 100644 index 000000000..b7425204d Binary files /dev/null and b/openapi-specs/compute/32-05/desc/tags/img/Tagging-only-Vulnerability.png differ diff --git a/openapi-specs/compute/32-05/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png b/openapi-specs/compute/32-05/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png new file mode 100644 index 000000000..067d1bd30 Binary files /dev/null and b/openapi-specs/compute/32-05/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png differ diff --git a/openapi-specs/compute/32-05/desc/tags/img/Ubuntu-Vuln-Bin-Package-Info.png b/openapi-specs/compute/32-05/desc/tags/img/Ubuntu-Vuln-Bin-Package-Info.png new file mode 100644 index 000000000..67e9a2001 Binary files /dev/null and b/openapi-specs/compute/32-05/desc/tags/img/Ubuntu-Vuln-Bin-Package-Info.png differ diff --git a/openapi-specs/compute/32-05/desc/tags/name_delete.md b/openapi-specs/compute/32-05/desc/tags/name_delete.md new file mode 100644 index 000000000..2ed010e57 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tags/name_delete.md @@ -0,0 +1,14 @@ +Deletes a tag from the system. + +### cURL Request + +Refer to the following example cURL command that deletes a tag named *my tag*: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + "https:///api/v/tags/my%20tag" +``` +A space must be encoded with the value `%20` as specified here in [unsafe characters in a URL](https://www.ietf.org/rfc/rfc1738.txt). \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/tags/name_put.md b/openapi-specs/compute/32-05/desc/tags/name_put.md new file mode 100644 index 000000000..cbaea40d3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tags/name_put.md @@ -0,0 +1,23 @@ +Updates the parameters in a given tag. + +You must define all parameters in your PUT request. + +**Note:** `""` (an empty string) is automatically assigned for any unspecified field. + +### cURL Request + +Refer to the following example cURL command that updates the parameters in a tag named `my_tag`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "name": "my_tag2", + "color": "#ff0000", + "description": "A super cool tag" + }' \ + "https:///api/v/tags/my_tag" +``` diff --git a/openapi-specs/compute/32-05/desc/tags/post.md b/openapi-specs/compute/32-05/desc/tags/post.md new file mode 100644 index 000000000..d55ae8b96 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tags/post.md @@ -0,0 +1,22 @@ +Creates a tag that helps you manage the vulnerabilities in your environment. +You can use tags as policy exceptions or assign them to vulnerabilities for action. + +**Note:** `""` (an empty string) is automatically assigned for any unspecified field. + +### cURL Request + +Refer to the following example cURL command that creates a tag named "my-tag": + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "name": "my-tag", + "color": "#ff0000", + "description": "A test collection" + }' \ + "https:///api/v/tags" +``` diff --git a/openapi-specs/compute/32-05/desc/tags/tag_cve_delete.md b/openapi-specs/compute/32-05/desc/tags/tag_cve_delete.md new file mode 100644 index 000000000..8caed79cf --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tags/tag_cve_delete.md @@ -0,0 +1,20 @@ +Removes a tag from a vulnerability. +When you delete a tag, the tag is deleted from a wider scope. All the packages and resources that were in scope will be untagged. + +### cURL Request + +Refer to the following example cURL command that removes the tag named `ignored` from the CVE `CVE-2017-15088`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + -d \ +'{ + "id": "CVE-2017-15088", + "packageName": "krb5" + }' \ + "https:///api/v/tags/ignored/vuln" +``` + diff --git a/openapi-specs/compute/32-05/desc/tags/tag_cve_post.md b/openapi-specs/compute/32-05/desc/tags/tag_cve_post.md new file mode 100644 index 000000000..966a80bd8 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tags/tag_cve_post.md @@ -0,0 +1,169 @@ +Sets a tag to a vulnerability based on Common Vulnerability and Exposures (CVE) ID, package, and resource. + +**Consider the following scenarios**: + - When you apply a tag to a vulnerability only on a package, the tag applies to the vulnerability in all the resources related to it. + - When you apply a tag only to a vulnerability, the tag applies to the vulnerability in all the packages and resources related to it. + - When you apply a tag to a vulnerability on a resource type, specify the scope of the resources using either a wildcard "*" or resource names. + +A vulnerability can be found in a source package or a binary package. +The vulnerability feed reports CVE data either on source packages or binary packages. +For example, Debian and Ubuntu report CVEs on the source package, while RHEL reports on binary packages. + +**Source package:** Provides all the necessary files to compile or build the desired piece of software. For more information, see [Source Package](https://wiki.debian.org/Packaging/SourcePackage). + +**Binary package:** Built from a source package. There could be multile binary packages that are built from a source package. +For example, `perl` is a source package, and you can build different binary packages such as `libperl-dev`, `perl`, or `perl-base`. For more information, see [Perl](https://packages.ubuntu.com/source/focal/perl). + +Prisma Cloud ingests all the various distro vulnerability feeds, and normalizes them so that they can be used uniformly across the product. + +The **package info** tab shows both source and binary package fields in a vulnerability report. + +Refer to the following parameter descriptions: +- **id**: `Required` Specifies the Common Vulnerability and Exposures (CVE) ID. +- **packageName**: `Required` Specifies the source or the binary package name where the vulnerability is found. +Specify the source package name for tagging when the vulnerability is found in the source package. +Use the wildcard `*` to apply the tag to all the packages where the vulnerability is found. +- **resourceType**: Specifies the resource type for tagging where the vulnerability is found. +Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found. +The available values are: `image`, `host`, `function`, `codeRepo`, and `""`. +- **resources**: `Required when you define the resource type.` Specifies the resource for tagging where the vulnerability is found. +Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found. +- **checkBaseLayer**: `Applies only to the resource type image.` Checks for the base image in the resources and whether to tag those resources. +- **comment**: Adds a comment. + +Consider the following scenarios for source and binary packages: + +- Debian or Ubuntu lists the binary packages and source packages. + A CVE-2020-16156 is found in a binary package `perl-base` and source package `perl` in Ubuntu 20.04.3 LTS distro. + + ![Package information](https://cdn.twistlock.com/docs/api/Ubuntu-Vuln-Bin-Package-Info.png) + + The parameter *packageName* in the endpoint accepts only the source package name for tagging if a source package is available. + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the source package `perl`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "perl" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability in Ubuntu](https://cdn.twistlock.com/docs/api/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png) + +- The RPM package lists CVEs on the available binary packages and not the source packages. + A CVE `CVE-2021-20305` found in only `gnutls` binary package in CentOS Linux Release 8.4.2105. + + ![Package information](https://cdn.twistlock.com/docs/api/CentOS-Vuln-Bin-Package-Info.png) + + Use the binary package name for tagging only when the source package is not available or NULL. + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2021-20305` on the binary package `gnutls`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2021-20305", + "packageName": "gnutls" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability in CentOS](https://cdn.twistlock.com/docs/api/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png) + +Consider the following scenarios when you want to tag a vulnerability to all packages and resources related to it: + +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to all the packages and resources. + + ![CVE information](https://cdn.twistlock.com/docs/api/Tagging-Only-Vulnerability.png) + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability](https://cdn.twistlock.com/docs/api/Tagged-Vulnerability.png) + +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to the resource type `image` but to all the packages and resources. + +### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the resource type `image` and to all the packages and resources. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*", + "resourceType": "image", + "resources": ["*"] + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to the resource type `host`and resource `servo-vmware71` but to all the packages. + +### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the resource type `host`, resource `servo-vmware71`, and to all the packages. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*", + "resourceType": "host", + "resources": ["servo-vmware71"] + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + +*Note:* A tag assignment is identified by the combination of the `id`, `packageName`, `resourceType`, and `tag` fields. Invoking the endpoint again for an existing tag assignment overrides the existing tag assignment for the resource. For example, invoking the endpoint consecutively with the following values: +1. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"In progress"}` +2. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"New Tag"}` +3. `{"id":"CVE-1","packageName":"pkg","resourceType":"host","resources":["devbox"],"tag":"New Tag"}` +4. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["node:latest"],"tag":"New Tag"}` + + +Will result in the following tag assignments: +1. The first invocation creates the entry: "In progress", "CVE-1", "pkg", "image", "library/python:latest" +2. The second invocation creates a second (new) entry: "New Tag", "CVE-1", "pkg","image", "library/python:latest" +3. The third invocation creates a third (new) entry: "New Tag", "CVE-1", "pkg","host", "devbox" +4. The fourth invocation overrides the second entry with the following values: "New Tag", "CVE-1", "pkg", "image", "node:latest" + diff --git a/openapi-specs/compute/32-05/desc/tags/tags.md b/openapi-specs/compute/32-05/desc/tags/tags.md new file mode 100644 index 000000000..5da0bf726 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tags/tags.md @@ -0,0 +1 @@ +Tags are predefined labels that help you manage your vulnerabilities via the Console UI and Prisma Cloud Compute API. diff --git a/openapi-specs/compute/32-05/desc/tas-droplets/download_get.md b/openapi-specs/compute/32-05/desc/tas-droplets/download_get.md new file mode 100644 index 000000000..6372f0b35 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tas-droplets/download_get.md @@ -0,0 +1,18 @@ +Downloads scan reports for Tanzu Application Service (TAS) droplets in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > VMware Tanzu blobstore** in the Console UI. + +### cURL Request + +The following cURL command downloads all TAS droplets to a CSV file called `tas_droplets.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets/download \ + > tas_droplets.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/tas-droplets/get.md b/openapi-specs/compute/32-05/desc/tas-droplets/get.md new file mode 100644 index 000000000..dd2b44993 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tas-droplets/get.md @@ -0,0 +1,20 @@ +Retrieves scan reports for Tanzu Application Service (TAS) droplets. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the table in **Monitor > Vulnerabilities > VMware Tanzu blobstore** in the Console UI. + +### cURL Request + +The following cURL command retrieves all TAS droplets. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets \ +``` + +A successful response returns all TAS droplets. diff --git a/openapi-specs/compute/32-05/desc/tas-droplets/get_tas_addresses.md b/openapi-specs/compute/32-05/desc/tas-droplets/get_tas_addresses.md new file mode 100644 index 000000000..91ebb2e50 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tas-droplets/get_tas_addresses.md @@ -0,0 +1,17 @@ +Gets the Cloud Controller Addresses of scanned Tanzu Application Service (TAS) droplets.\n + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + + +### cURL Request + +The following cURL command retrieves the Cloud Controller Addresses of scanned TAS droplets. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets/addresses \ +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/tas-droplets/progress_get.md b/openapi-specs/compute/32-05/desc/tas-droplets/progress_get.md new file mode 100644 index 000000000..504a21e84 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tas-droplets/progress_get.md @@ -0,0 +1,13 @@ +Returns the details of the TAS Droplets ongoing scan. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/progress" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/tas-droplets/scan_post.md b/openapi-specs/compute/32-05/desc/tas-droplets/scan_post.md new file mode 100644 index 000000000..aad2174af --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tas-droplets/scan_post.md @@ -0,0 +1,13 @@ +Scans the TAS Droplets. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/scan" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/tas-droplets/stop_post.md b/openapi-specs/compute/32-05/desc/tas-droplets/stop_post.md new file mode 100644 index 000000000..5f5a019b1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/tas-droplets/stop_post.md @@ -0,0 +1,13 @@ +Stops the ongoing scan of TAS Droplets. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/stop" +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/trust/data_get.md b/openapi-specs/compute/32-05/desc/trust/data_get.md new file mode 100644 index 000000000..dd55d47a3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/data_get.md @@ -0,0 +1,277 @@ +Returns the trusted registries, repositories, and images. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/trust/data +``` + +## cURL Response + +Refer to the following example response: + +```bash +$ { + "policy": { + "_id": "trust", + "enabled": false, + "rules": [ + { + "modified": "2023-05-11T09:24:33.936Z", + "owner": "ss", + "name": "Copy of combined", + "previousName": "", + "disabled": true, + "allowedGroups": [ + "by_cluster" + ], + "deniedGroups": [ + "by_host" + ], + "collections": [ + { + "hosts": [ + "ss-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.example-247119.internal" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "trust_by_host", + "owner": "ss", + "modified": "2023-05-11T09:17:17.556Z", + "color": "#D64CA8", + "system": false, + "prisma": false + } + ], + "effect": "alert" + }, + { + "modified": "2023-05-11T09:24:13.952Z", + "owner": "ss", + "name": "combined", + "previousName": "", + "disabled": true, + "allowedGroups": [ + "by_cluster" + ], + "deniedGroups": [ + "by_host" + ], + "collections": [ + { + "hosts": [ + "jen-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.twistlock-test-247119.internal" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "trust_by_host", + "owner": "ss", + "modified": "2023-05-11T09:17:17.556Z", + "color": "#D64CA8", + "system": false, + "prisma": false + } + ], + "effect": "alert" + }, + { + "modified": "2023-05-10T19:05:27.651Z", + "owner": "ss", + "name": "Default - alert all", + "previousName": "", + "collections": [ + { + "hosts": [ + "*" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "All", + "owner": "system", + "modified": "2023-05-09T07:00:08.761Z", + "color": "#3FA2F7", + "description": "System - all resources collection", + "system": true, + "prisma": false + } + ], + "effect": "alert" + } + ] + }, + "groups": [ + { + "modified": "2023-05-10T19:08:34.893Z", + "owner": "mbarash", + "name": "", + "previousName": "", + "_id": "by_host", + "images": [ + "alpine:*" + ] + }, + { + "modified": "2023-05-10T19:16:46.886Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_cluster", + "images": [ + "registry.k8s.io/etcd:*" + ] + }, + { + "modified": "2023-05-11T09:11:54.683Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_image", + "images": [ + "node:*" + ] + }, + { + "modified": "2023-05-11T09:21:23.54Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_registry", + "images": [ + "mcr.azk8s.cn/*" + ] + }, + { + "modified": "2023-05-11T09:22:13.522Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_repository", + "images": [ + "python:*" + ] + }, + { + "modified": "2023-05-11T09:22:47.854Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "bu_layer_automated", + "layers": [ + "sha256:a0d44e5352dcb84bca48b6ee3d30a9ec91b5e6eb6793747e06d2454d360a9338", + "sha256:5ad177daa048ca8b354b9ad03deac863ff519a2860a35dc9fdc0011619aacc3c", + "sha256:543bb037d9827e706ea0ee9277e56ff916439a114fa56c520ac7dcaf6daae84a", + "sha256:efd3b1563a816d85c6414e0c139691df720c34d6f65abaa19819d37b11459b40", + "sha256:bc30bde5a6578b9643d05dd47105414777adadaf5df93b493eff1785e1e07328", + "sha256:77e7191206a99af5cf1718885fb45262c2e2da30ad650c5868dfa3c54739c24a", + "sha256:4fcf730353158873699670f97f2556942ff470c360539ff9283d80c72f275030", + "sha256:d1a8d814c41eab7ee00b94a9184f081bf4c36721d559c5b349b9653bd473d8a0" + ] + }, + { + "modified": "2023-05-11T09:23:21.338Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_manual_manual", + "layers": [ + "sha256:05f4935ad90ae437375c64090af07a6232bfeffc9f311e3e315919627c542ac9", + "sha256:5aea01ea0a0f088b7844c169b9b8fd5ea034a21b4aa075ae3c54a1cb64138b93", + "sha256:d8183b2c9c73e92b3569c8c77f05a245d1d4a58c3d3f23e740ea4f69c5e8d8f4", + "sha256:ee50c22fdf6c99affec8690f7ef820f0e8cd19f4ece9a32503cdcf59a391514d" + ] + }, + { + "modified": "2023-05-11T12:41:27.885Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "ss_test", + "images": [ + "kuku:*", + "example/cves:*" + ] + } + ] +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/trust/data_put.md b/openapi-specs/compute/32-05/desc/trust/data_put.md new file mode 100644 index 000000000..0e6a0ba49 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/data_put.md @@ -0,0 +1,32 @@ +Updates a trusted image to the system. +Specify trusted images using either the image name or layers properties. + +## cURL Request + +Refer to the following example cURL command that uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \ + https:///api/v/trust/data +``` + +To edit a trust group based on image base layers, use PUT to specify a list of SHA256 hashes for the layers that are trusted. + +Refer to the following example that specifies the Ubuntu 16.04 image is a trusted base OS. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"layers":"["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"]", "_id":"docker-ubuntu-group"}' \ + "https:///api/v/trust/data" +``` diff --git a/openapi-specs/compute/32-05/desc/trust/get.md b/openapi-specs/compute/32-05/desc/trust/get.md new file mode 100644 index 000000000..1226cd0a3 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/get.md @@ -0,0 +1,11 @@ +Retrieves a list of all trusted images. + +The following example curl command uses basic auth to retrieve all trusted images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/trust +``` diff --git a/openapi-specs/compute/32-05/desc/trust/id_delete.md b/openapi-specs/compute/32-05/desc/trust/id_delete.md new file mode 100644 index 000000000..b3114775f --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/id_delete.md @@ -0,0 +1,12 @@ +Deletes an image trust group. Specify the image trust group to be deleted by the `_id`. + +The following example curl command uses basic auth to specify a image trust group for deletion with the handle `docker-ubuntu-group`. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/trust/docker-ubuntu-group +``` diff --git a/openapi-specs/compute/32-05/desc/trust/id_put.md b/openapi-specs/compute/32-05/desc/trust/id_put.md new file mode 100644 index 000000000..44d2c8b8b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/id_put.md @@ -0,0 +1,18 @@ +Updates the properties of an existing trusted image entry. + +In the request payload, specify either the `_id` or image name. +The trusted group ID needs to be specified in request payload. + +On success, this method returns the handle (unique ID) for the modified entry. +For more information about handles, see the `_id` in the response body for the GET method. + +The following example curl command uses basic auth to modify the image property for an existing trusted image entry, where the handle for the entry is `docker-ubuntu-group`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"image":"ubuntu/18.04", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust/docker-ubuntu-group +``` diff --git a/openapi-specs/compute/32-05/desc/trust/learn_get.md b/openapi-specs/compute/32-05/desc/trust/learn_get.md new file mode 100644 index 000000000..d8a3414d0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/learn_get.md @@ -0,0 +1,9 @@ +Returns the state of the trusted images model. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/trust/learn +``` diff --git a/openapi-specs/compute/32-05/desc/trust/learn_post.md b/openapi-specs/compute/32-05/desc/trust/learn_post.md new file mode 100644 index 000000000..094817738 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/learn_post.md @@ -0,0 +1,10 @@ +Sets the state of trusted images model. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"state":"learning"}' + https://:8083/api/v1/trust/learn +``` diff --git a/openapi-specs/compute/32-05/desc/trust/post.md b/openapi-specs/compute/32-05/desc/trust/post.md new file mode 100644 index 000000000..1072275a1 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/post.md @@ -0,0 +1,32 @@ +Adds a trusted image to the system. +Specify trusted images using either the image name or layers properties. + +On success, this method returns the `_id` for the image trust group. +For more information about handles, see the `_id` key in the response body for the GET method. + +The following example curl command uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust +``` + +To create a trust group based on image base layers, POST a list of SHA256 hashes for the layers that are trusted. +The following example specifies the Ubuntu 16.04 image is a trusted base OS. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"layers":"["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"]", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust +``` diff --git a/openapi-specs/compute/32-05/desc/trust/trust.md b/openapi-specs/compute/32-05/desc/trust/trust.md new file mode 100644 index 000000000..b8c57bf98 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/trust/trust.md @@ -0,0 +1,2 @@ +Manage the list of registries, repositories, and images that are considered trusted. +You can create a compliance policy that permits just the images in this list to execute in your environment. diff --git a/openapi-specs/compute/32-05/desc/users/get.md b/openapi-specs/compute/32-05/desc/users/get.md new file mode 100644 index 000000000..e4e6966ec --- /dev/null +++ b/openapi-specs/compute/32-05/desc/users/get.md @@ -0,0 +1,17 @@ +Retrieves a list of all users. + +This endpoint maps to **Manage > Authentication > Users** in the Console UI. + +### cURL Request + +The following cURL command retrieves all users. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/users' +``` + +A successful response returns a list of all users. diff --git a/openapi-specs/compute/32-05/desc/users/id_delete.md b/openapi-specs/compute/32-05/desc/users/id_delete.md new file mode 100644 index 000000000..1cfa5642d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/users/id_delete.md @@ -0,0 +1,27 @@ +Deletes a user from the system. + +The URL parameter `{id}` maps to `username`. +The `username` for each user can be retrieved from the `GET /api/v/users` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. In a table row, click the **Actions** button for the user to update. +3. Click the **Delete** button to open the delete confirmation window. +4. Click the **Delete User** button to delete the user. + +**Note:** You can not delete the user for the current logged in account. + +### cURL Request + +The following cURL command deletes user `ID` from the system. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/users/ +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/users/password_put.md b/openapi-specs/compute/32-05/desc/users/password_put.md new file mode 100644 index 000000000..5a5fe356b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/users/password_put.md @@ -0,0 +1,27 @@ +Changes the password of a user. + +To invoke this endpoint in the Console UI: + +1. Click on the user icon near the top-right corner of the Console UI. +2. Select **Change password**. +3. Enter the old and new passwords. +3. Click the **Save** button. + +### cURL Request + +The following cURL command replaces the password of `USER` (the user authenticating with Console to call this endpoint). + +```bash +$ curl 'https:///api/v/users/password' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "oldPassword": "", + "newPassword": "" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/users/post.md b/openapi-specs/compute/32-05/desc/users/post.md new file mode 100644 index 000000000..e3ca2f09c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/users/post.md @@ -0,0 +1,114 @@ +Adds a new user to the system. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. Click **+ Add user** and enter the user's information. +3. Click the **Save** button. + +Every Console has a project name, even if projects aren't enabled. +If you've deployed a single stand-alone Console, it's called `Central Console`. +If you've enabled projects, the master Console is called `Central Console`. +Each connected tenant project has a unique name, which is specified when the project is created. + +All users are created and managed in `Central Console`. + +### cURL Requests + +Refer to the following example cURL requests: + +#### Add a New User + +When `authType` is set to `basic`, the system creates a "local" user that's managed in Console's database. +If you integrated Prisma Cloud with an identity provider, set `authType` to a supported value, such as `saml`. + +The following example cURL command adds a new user to Central Console: + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic" +}' +``` + +**Note:** No response will be returned upon successful execution. + +#### Add a New User and Grant Access to a Project + +Use the `permissions` object to grant a user access to specific projects and specific collections in a project. + +When you define the `permissions` object, specify the following parameters: +`projects`: (Required.) Specifies a project name. +`collections`: (Requires initialization with a valid collection name.) Specifies a valid collection to assign to the user. +If left unspecified, users are granted access to the `All` collection by default. + +The following example cURL command adds a new user to Console and grants access to the tenant project `PROJECT_NAME`: + +Before you invoke this request: + +1. In the Console UI navigate to **Manage > Projects**. +2. Enable the **Use projects** setting. +3. If no project is provisioned, use the **+ Provision project** button to create a new project. +4. Retrieve a tenant project name from the table from the **Project** column. + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"" + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. + +#### Add a New User and Grant Access to a Collection + +When assigning collections, you must explicitly specify a project. +When you're working with a single stand-alone Console, the value for project is `Central Console`. + +The following example cURL command adds a new user to Console and grants access to the `finance-app` collection in `Central Console`: + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"Central Console", + "collections":[ + "finance-app" + ] + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/users/put.md b/openapi-specs/compute/32-05/desc/users/put.md new file mode 100644 index 000000000..8f25a00a6 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/users/put.md @@ -0,0 +1,43 @@ +Updates an existing user in the system. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. In a table row, click the **Actions** button for the user to update. +3. Click the **Manage** button and update the user's parameters. +4. Click the **Save** button to save the updated user. + +### cURL Request + +The following example command changes the role of a user to `auditor`. + +In general, you should get the user object from `GET /api/v/users` and resubmit all key-value pairs, changing just the values that need updating. +If key-values are left unspecified, their default values will override any current values (note the exception below). +For example, if `permissions.collections` specified a collection named `finance-app`, but the submitted request omitted `permissions.collections`, its value would be reset to `All`. + +For "local" users, where `authType` is set to `basic`: if a password isn't specified, it's left as-is. +For any other `authType`, passwords are managed by the identity provider (IdP), and aren't specified in the request body. + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"", + "collections":[ + "All" + ] + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/32-05/desc/users/users.md b/openapi-specs/compute/32-05/desc/users/users.md new file mode 100644 index 000000000..976121da4 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/users/users.md @@ -0,0 +1,7 @@ +Administrative endpoint to create and manage users. +Assign roles and specify who has access to which projects and which collections. + +User management with these endpoints is supported for Compute Edition (self-hosted) only. + +If you integrated Prisma Cloud Compute Edition with an identity provider, use these endpoints to assign roles to individual users. +Note that groups are a better way to assign roles when you have a large number of users. diff --git a/openapi-specs/compute/32-05/desc/util/osx_twistcli_arm64_get.md b/openapi-specs/compute/32-05/desc/util/osx_twistcli_arm64_get.md new file mode 100644 index 000000000..b385d0d3b --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/osx_twistcli_arm64_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for MacOS platforms based on ARM64 architecture. + +**Note:** This endpoint maps to the **MacOS platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable for ARM64 bit MacOS platforms to your HOME directory: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET -o \ + 'https:///api/v/util/osx/arm64/twistcli' +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/util/osx_twistcli_get.md b/openapi-specs/compute/32-05/desc/util/osx_twistcli_get.md new file mode 100644 index 000000000..c49f96c41 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/osx_twistcli_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for MacOS platforms. + +This endpoint maps to the **MacOS platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +The following cURL command downloads the twistcli binary executable for MacOS platforms. + +```bash +$ curl -k \ + -u \ + -L \ + -o twistcli \ + https:///api/v1/util/osx/twistcli +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/util/twistcli_arm64_get.md b/openapi-specs/compute/32-05/desc/util/twistcli_arm64_get.md new file mode 100644 index 000000000..7ec36d3f5 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/twistcli_arm64_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for ARM64 bit Linux platforms. + +This endpoint maps to the **Linux platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable to your HOME directory: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET -o \ + 'https:///api/v/util/arm64/twistcli' +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/util/twistcli_get.md b/openapi-specs/compute/32-05/desc/util/twistcli_get.md new file mode 100644 index 000000000..f9d2d295c --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/twistcli_get.md @@ -0,0 +1,16 @@ +Downloads the twistcli binary executable for Linux platforms. + +This endpoint maps to the **Linux platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable to your HOME directory: + +```bash +$ curl -k \ + -u \ + -X GET -o \ +'https:///api/v/util/twistcli' +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/util/twistlock_jenkins_plugin_get.md b/openapi-specs/compute/32-05/desc/util/twistlock_jenkins_plugin_get.md new file mode 100644 index 000000000..9fb8d4a02 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/twistlock_jenkins_plugin_get.md @@ -0,0 +1,17 @@ +Downloads the Prisma Cloud Compute Jenkins plugin. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -L \ + -o twistlock-jenkins-plugin.hpi \ + https:///api/v1/util/twistlock-jenkins-plugin.hpi +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/util/twistlock_tas_tile_get.md b/openapi-specs/compute/32-05/desc/util/twistlock_tas_tile_get.md new file mode 100644 index 000000000..fea28aaad --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/twistlock_tas_tile_get.md @@ -0,0 +1,17 @@ +Downloads the VMware Tanzu Application Service tile for Prisma Cloud Compute. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -L \ + -o twistlock-tile.pivotal \ + "https:///api/v1/util/tas-tile" +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/util/util.md b/openapi-specs/compute/32-05/desc/util/util.md new file mode 100644 index 000000000..2a0c26d8e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/util.md @@ -0,0 +1 @@ +Download Prisma Cloud Compute utilities. diff --git a/openapi-specs/compute/32-05/desc/util/windows_twistcli_get.md b/openapi-specs/compute/32-05/desc/util/windows_twistcli_get.md new file mode 100644 index 000000000..1c545dbbb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/util/windows_twistcli_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for Windows platforms. + +This endpoint maps to the **Windows platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +The following cURL command downloads the twistcli binary executable for Windows platforms. + +```bash +$ curl -k \ + -u \ + -L \ + -o twistcli.exe \ + https:///api/v1/util/windows/twistcli.exe +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/version/get.md b/openapi-specs/compute/32-05/desc/version/get.md new file mode 100644 index 000000000..28be315e0 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/version/get.md @@ -0,0 +1,15 @@ +Retrieves the version number for Console. + +### cURL Request + +The following cURL command retrieves the version number for Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/version +``` + +A successful response returns the version number for Console. diff --git a/openapi-specs/compute/32-05/desc/version/version.md b/openapi-specs/compute/32-05/desc/version/version.md new file mode 100644 index 000000000..41e9950da --- /dev/null +++ b/openapi-specs/compute/32-05/desc/version/version.md @@ -0,0 +1 @@ +Return Console's version number. diff --git a/openapi-specs/compute/32-05/desc/vms/download_get.md b/openapi-specs/compute/32-05/desc/vms/download_get.md new file mode 100644 index 000000000..e65e4efc9 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/vms/download_get.md @@ -0,0 +1,18 @@ +Returns all VM image scan reports in CSV format. + +**Note**: This endpoint maps to the table in **Monitor > Vulnerabilities > Hosts > VM images > CSV** in the Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command that retrieves all VM image scan reports and saves the results in a CSV file called `vm_images_scan.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o vm_images_scan.csv \ + "https:///api/v/vms/download" +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/32-05/desc/vms/get.md b/openapi-specs/compute/32-05/desc/vms/get.md new file mode 100644 index 000000000..d44d9d801 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/vms/get.md @@ -0,0 +1,62 @@ +Returns all VM image scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the table in **Monitor > Vulnerabilities > Hosts > VM images** in the Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command that retrieves all VM image scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/vms" +``` + +### cURL Response + +Refer to the following example VM scan report: + +``` +{ + "_id": "2226875301309860442", + "type": "vm", + "hostname": "", + "scanTime": "2022-12-01T18:08:15.299Z", + "binaries": [], + "Secrets": [], + "startupBinaries": [], + "osDistro": "redhat", + "osDistroVersion": "7", + "osDistroRelease": "RHEL7", + "distro": "CentOS Linux release 7.9.2009 (Core)", + "packages": [ + { + "pkgsType": "package", + "pkgs": [ + { + "version": "0.100-7.el7", + "name": "dbus-glib", + "cveCount": 8, + "license": "AFL and GPLv2+", + "layerTime": 0 + }, + { + "version": "2.02-0.87.el7.centos.7", + "name": "grub2-common", + "cveCount": 184, + "license": "GPLv3+", + "layerTime": 0 + } + ... + ... + ... + ] + } + ] +} +``` diff --git a/openapi-specs/compute/32-05/desc/vms/labels_get.md b/openapi-specs/compute/32-05/desc/vms/labels_get.md new file mode 100644 index 000000000..ad678b30d --- /dev/null +++ b/openapi-specs/compute/32-05/desc/vms/labels_get.md @@ -0,0 +1,27 @@ +Returns an array of strings containing all AWS tags of the scanned VM images. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/vms/labels" +``` +### cURL Response + +Refer to the following example response: + +``` +[ + "gcp:vmscan", + "with_pulled_images:true", + "test-linux-key-2:test-linux-value-2", + "test-linux-key-1:test-linux-value-1", + "Name:user-test-b" +] + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/vms/names_get.md b/openapi-specs/compute/32-05/desc/vms/names_get.md new file mode 100644 index 000000000..0283ed28e --- /dev/null +++ b/openapi-specs/compute/32-05/desc/vms/names_get.md @@ -0,0 +1,32 @@ +Returns an array of strings containing VM image names. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + "https:///api/v/vms/names" +``` + +### cURL Response + +Refer to the following example response: + +``` +[ + "new-auto-images-cen7-dock", + "ubuntu-pro-2004-focal-v20210720", + "user-encrypted2", + "ubuntu-20.04-lts:1.0.0", + "user-test-b", + "user-ubuntu-image-scan1", + "Canonical:0001-com-ubuntu-server-focal:20_04-lts:20.04.202110260", + "ubuntu-20.04-lts" +] + +``` \ No newline at end of file diff --git a/openapi-specs/compute/32-05/desc/vms/scan_post.md b/openapi-specs/compute/32-05/desc/vms/scan_post.md new file mode 100644 index 000000000..1caa2dcaf --- /dev/null +++ b/openapi-specs/compute/32-05/desc/vms/scan_post.md @@ -0,0 +1,13 @@ +Re-scans all VM images immediately. This endpoint returns the time that the scans were initiated. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud to re-scan all VM images: + +```bash +$ curl -k \ + -u \ + H 'Content-Type: application/json' \ + -X POST \ + "https:///api/v/vms/scan" +``` diff --git a/openapi-specs/compute/32-05/desc/vms/stop_post.md b/openapi-specs/compute/32-05/desc/vms/stop_post.md new file mode 100644 index 000000000..4a74743eb --- /dev/null +++ b/openapi-specs/compute/32-05/desc/vms/stop_post.md @@ -0,0 +1,15 @@ +Stops the current VM image scan. + +Note: It might take a few minutes for the scan to stop completely. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud to stop scanning all VM images: + +```bash +$ curl -k \ + -u \ + H 'Content-Type: application/json' \ + -X POST \ + "https:///api/v/vms/stop" +``` diff --git a/openapi-specs/compute/32-05/desc/vms/vms.md b/openapi-specs/compute/32-05/desc/vms/vms.md new file mode 100644 index 000000000..a9662cdbc --- /dev/null +++ b/openapi-specs/compute/32-05/desc/vms/vms.md @@ -0,0 +1,21 @@ +Scan VM images in AWS, Azure, and GCP for vulnerabilities. + +Prisma Cloud can scan the following VM images: +* AWS: Linux Amazon Machine Images (AMIs) +* Azure: Managed, Gallery and Marketplace images +* GCP: Public and Custom images (including Premium images) + +For more information, see [Configure VM Image Scanning](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vm_image_scanning) + +### Authentication + +#### Basic Auth +##### Headers + - Authorization: required (string): Authenticates with the Base64-encoded "username:password" credentials. + +#### JWT Access Token +Use POST, /api/vVERSION/authenticate for authorization +##### Headers + - Authorization: required (string): Authenticates with the Bearer authentication scheme to transmit the access token. + Example: + Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJk………… diff --git a/openapi-specs/compute/32-05/desc/waas/openapi-scans_post.md b/openapi-specs/compute/32-05/desc/waas/openapi-scans_post.md new file mode 100644 index 000000000..d78a42616 --- /dev/null +++ b/openapi-specs/compute/32-05/desc/waas/openapi-scans_post.md @@ -0,0 +1,14 @@ +Scans the OpenAPI specifications file of size not more than 100 KB and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats. + +### cURL Request + +Refer to the following example cURL command that generates a report for any errors or shortcomings in the OpenAPI specification: + +```bash +$ curl 'https:///api/v/waas/openapi-scans' \ +-k \ +-H 'Content-Type: multipart/form-data' \ +-u \ +-X POST \ +-v -F‘spec=@.json;type=application/json’-F‘data={“source”:“manual”};type=application/json’ +``` \ No newline at end of file diff --git a/openapi-specs/compute/openapi-32-05-124-sh.json b/openapi-specs/compute/32-05/openapi-32-05-124-sh.json similarity index 100% rename from openapi-specs/compute/openapi-32-05-124-sh.json rename to openapi-specs/compute/32-05/openapi-32-05-124-sh.json diff --git a/openapi-specs/compute/desc/images/get.md b/openapi-specs/compute/desc/images/get.md index 6c82341b6..ec777ffb8 100644 --- a/openapi-specs/compute/desc/images/get.md +++ b/openapi-specs/compute/desc/images/get.md @@ -7,6 +7,10 @@ This endpoint maps to the image table in **Monitor > Compliance > Images > Deplo > _**Note:**_ The `image` object of the response was created for internal use of Prisma Cloud Compute for image scanning and analysis. Therefore, its inner fields are not saved in the database and will return empty in the endpoint response. You can get some of its values, such as `labels` and `history`, from the main structure of the response. +You can use the wildcard (*) character as input to filter the retrieved images. + +If no entry is present in the database, the search returns an empty list. + Consider the following available options to retrieve when you use the `fields` query parameter: - labels - repoTag.repo @@ -14,6 +18,7 @@ Consider the following available options to retrieve when you use the `fields` q - clusters - hosts - repoTag.tag + ### cURL Request Refer to the following cURL command that retrieves a compact scan report for all images: diff --git a/openapi-specs/compute/desc/sbom/download_ci_images_get.md b/openapi-specs/compute/desc/sbom/download_ci_images_get.md new file mode 100644 index 000000000..2ecc2a026 --- /dev/null +++ b/openapi-specs/compute/desc/sbom/download_ci_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for cli images according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/desc/sbom/download_ci_serverless_get.md b/openapi-specs/compute/desc/sbom/download_ci_serverless_get.md new file mode 100644 index 000000000..54800dca6 --- /dev/null +++ b/openapi-specs/compute/desc/sbom/download_ci_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for cli serverless according to the given options. diff --git a/openapi-specs/compute/desc/sbom/download_hosts_get.md b/openapi-specs/compute/desc/sbom/download_hosts_get.md new file mode 100644 index 000000000..248852739 --- /dev/null +++ b/openapi-specs/compute/desc/sbom/download_hosts_get.md @@ -0,0 +1 @@ +Downloads SBOM file for hosts according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/desc/sbom/download_images_get.md b/openapi-specs/compute/desc/sbom/download_images_get.md new file mode 100644 index 000000000..9b1f588de --- /dev/null +++ b/openapi-specs/compute/desc/sbom/download_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for images according to the given options. diff --git a/openapi-specs/compute/desc/sbom/download_registry_get.md b/openapi-specs/compute/desc/sbom/download_registry_get.md new file mode 100644 index 000000000..2b50c4e50 --- /dev/null +++ b/openapi-specs/compute/desc/sbom/download_registry_get.md @@ -0,0 +1 @@ +Downloads SBOM file for registries according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/desc/sbom/download_serverless_get.md b/openapi-specs/compute/desc/sbom/download_serverless_get.md new file mode 100644 index 000000000..53d4014f1 --- /dev/null +++ b/openapi-specs/compute/desc/sbom/download_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for serverless according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/desc/sbom/download_vms_get.md b/openapi-specs/compute/desc/sbom/download_vms_get.md new file mode 100644 index 000000000..d9488e475 --- /dev/null +++ b/openapi-specs/compute/desc/sbom/download_vms_get.md @@ -0,0 +1 @@ +Downloads SBOM file for vms according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/desc/sbom/sbom_intro.md b/openapi-specs/compute/desc/sbom/sbom_intro.md new file mode 100644 index 000000000..f67b0b685 --- /dev/null +++ b/openapi-specs/compute/desc/sbom/sbom_intro.md @@ -0,0 +1 @@ +These endpoints enable you to download the Software Bill of Materials (SBOM) \ No newline at end of file diff --git a/openapi-specs/compute/desc/settings/registry_post.md b/openapi-specs/compute/desc/settings/registry_post.md index 0fae2c481..efabf4e67 100644 --- a/openapi-specs/compute/desc/settings/registry_post.md +++ b/openapi-specs/compute/desc/settings/registry_post.md @@ -15,15 +15,15 @@ It can be one of the following strings: * Docker Trusted Registry: `dtr` * Google Container Registry: `gcr` * GitLab Container Registry: `gitlab` +* Harbor Registry: `harbor` * IBM Cloud Container Registry: `bluemix` * JFrog Artifactory: `jfrog` * Red Hat OpenShift: `redhat` * Sonatype Nexus: `sonatype` +**Note**: From Lagrange 22.11 release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. -**Note**: From 22.11 (Lagrange) release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. - -The API response returns an HTTP 400 error, if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. +The API response returns an HTTP 400 error if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. **cURL Request** @@ -53,8 +53,8 @@ Starting with 30.03, you can directly add a GitLab Container Registry. To add settings for a GitLab Container Registry, you must specify the following parameters: * **version**: Specify the value *gitlab* for GitLab Container Registry. -* **registry**: Specify the GitLab registry URL address. Example, for native registries, you can specify the address as "https://registry.gitlab.com" -* **credentialID**: Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has atleast the *read_api* scope. +* **registry**: Specify the GitLab registry URL address. For example, for native registries, you can specify the address as "https://registry.gitlab.com" +* **credentialID**: Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has at least the *read_api* scope. * **gitlabRegistrySpec**: Specify at least one of the following fields: * **userID**: Specify your GitLab user ID to add all registries associated with it. * **projectIDs**: Specify the project IDs to add all registries associated with a GitLab project. diff --git a/openapi-specs/compute/openapi-32-06-113-sh.json b/openapi-specs/compute/openapi-32-06-113-sh.json new file mode 100644 index 000000000..7c80e2b91 --- /dev/null +++ b/openapi-specs/compute/openapi-32-06-113-sh.json @@ -0,0 +1,53195 @@ +{ + "components": { + "schemas": { + "-_admission.Audit": { + "items": { + "$ref": "#/components/schemas/admission.Audit" + }, + "type": "array" + }, + "-_api.AggregationPeriod": { + "items": { + "$ref": "#/components/schemas/api.AggregationPeriod" + }, + "type": "array" + }, + "-_api.AlertProfile": { + "items": { + "$ref": "#/components/schemas/api.AlertProfile" + }, + "type": "array" + }, + "-_applicationcontrol.Rule": { + "items": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + }, + "type": "array" + }, + "-_ccs.ConsoleMessage": { + "items": { + "$ref": "#/components/schemas/ccs.ConsoleMessage" + }, + "type": "array" + }, + "-_collection.Collection": { + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "-_collection.Usage": { + "items": { + "$ref": "#/components/schemas/collection.Usage" + }, + "type": "array" + }, + "-_cred.Credential": { + "items": { + "$ref": "#/components/schemas/cred.Credential" + }, + "type": "array" + }, + "-_customrules.Rule": { + "items": { + "$ref": "#/components/schemas/customrules.Rule" + }, + "type": "array" + }, + "-_defender.Defender": { + "items": { + "$ref": "#/components/schemas/defender.Defender" + }, + "type": "array" + }, + "-_deployment.DaemonSet": { + "items": { + "$ref": "#/components/schemas/deployment.DaemonSet" + }, + "type": "array" + }, + "-_forensic.ContainerEvent": { + "items": { + "$ref": "#/components/schemas/forensic.ContainerEvent" + }, + "type": "array" + }, + "-_forensic.HostEvent": { + "items": { + "$ref": "#/components/schemas/forensic.HostEvent" + }, + "type": "array" + }, + "-_kubeaudit.Audit": { + "items": { + "$ref": "#/components/schemas/kubeaudit.Audit" + }, + "type": "array" + }, + "-_kubeaudit.AuditSpecification": { + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "-_log.LogEntry": { + "items": { + "$ref": "#/components/schemas/log.LogEntry" + }, + "type": "array" + }, + "-_prisma.AlertIntegration": { + "items": { + "$ref": "#/components/schemas/prisma.AlertIntegration" + }, + "type": "array" + }, + "-_rbac.Role": { + "items": { + "$ref": "#/components/schemas/rbac.Role" + }, + "type": "array" + }, + "-_runtime.ContainerProfileHost": { + "items": { + "$ref": "#/components/schemas/runtime.ContainerProfileHost" + }, + "type": "array" + }, + "-_runtime.HostProfile": { + "items": { + "$ref": "#/components/schemas/runtime.HostProfile" + }, + "type": "array" + }, + "-_sandbox.ScanResult": { + "items": { + "$ref": "#/components/schemas/sandbox.ScanResult" + }, + "type": "array" + }, + "-_serverless.FunctionInfo": { + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + }, + "-_serverless.RadarFilter": { + "items": { + "$ref": "#/components/schemas/serverless.RadarFilter" + }, + "type": "array" + }, + "-_shared.AppEmbeddedRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.AppEmbeddedRuntimeProfile" + }, + "type": "array" + }, + "-_shared.AppFirewallAudit": { + "items": { + "$ref": "#/components/schemas/shared.AppFirewallAudit" + }, + "type": "array" + }, + "-_shared.Audit": { + "items": { + "$ref": "#/components/schemas/shared.Audit" + }, + "type": "array" + }, + "-_shared.BackupSpec": { + "items": { + "$ref": "#/components/schemas/shared.BackupSpec" + }, + "type": "array" + }, + "-_shared.CLIScanResult": { + "items": { + "$ref": "#/components/schemas/shared.CLIScanResult" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryAccount": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryAccount" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryEntity": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryEntity" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryRadar": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryRadar" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryResult": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryResult" + }, + "type": "array" + }, + "-_shared.CloudScanRule": { + "items": { + "$ref": "#/components/schemas/shared.CloudScanRule" + }, + "type": "array" + }, + "-_shared.ContainerNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ContainerRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.ContainerRuntimeProfile" + }, + "type": "array" + }, + "-_shared.ContainerScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ContainerScanResult" + }, + "type": "array" + }, + "-_shared.CustomComplianceCheck": { + "items": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + }, + "type": "array" + }, + "-_shared.FileIntegrityEvent": { + "items": { + "$ref": "#/components/schemas/shared.FileIntegrityEvent" + }, + "type": "array" + }, + "-_shared.HostActivity": { + "items": { + "$ref": "#/components/schemas/shared.HostActivity" + }, + "type": "array" + }, + "-_shared.HostInfo": { + "items": { + "$ref": "#/components/schemas/shared.HostInfo" + }, + "type": "array" + }, + "-_shared.HostNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ImageScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + }, + "-_shared.Incident": { + "items": { + "$ref": "#/components/schemas/shared.Incident" + }, + "type": "array" + }, + "-_shared.LambdaRuntimeType": { + "items": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "type": "array" + }, + "-_shared.LogInspectionEvent": { + "items": { + "$ref": "#/components/schemas/shared.LogInspectionEvent" + }, + "type": "array" + }, + "-_shared.MgmtAudit": { + "items": { + "$ref": "#/components/schemas/shared.MgmtAudit" + }, + "type": "array" + }, + "-_shared.Progress": { + "items": { + "$ref": "#/components/schemas/shared.Progress" + }, + "type": "array" + }, + "-_shared.RegionData": { + "items": { + "$ref": "#/components/schemas/shared.RegionData" + }, + "type": "array" + }, + "-_shared.RegistryScanProgress": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanProgress" + }, + "type": "array" + }, + "-_shared.RegistryScanRequest": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + }, + "type": "array" + }, + "-_shared.RuntimeAudit": { + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "-_shared.TASDropletSpecification": { + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "-_shared.Tag": { + "items": { + "$ref": "#/components/schemas/shared.Tag" + }, + "type": "array" + }, + "-_shared.TrustAudits": { + "items": { + "$ref": "#/components/schemas/shared.TrustAudits" + }, + "type": "array" + }, + "-_shared.VMSpecification": { + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "-_string": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "-_types.AgentlessHostStatus": { + "items": { + "$ref": "#/components/schemas/types.AgentlessHostStatus" + }, + "type": "array" + }, + "-_types.AlertProfileOption": { + "items": { + "$ref": "#/components/schemas/types.AlertProfileOption" + }, + "type": "array" + }, + "-_types.AuditTimeslice": { + "items": { + "$ref": "#/components/schemas/types.AuditTimeslice" + }, + "type": "array" + }, + "-_types.BaseImagesRule": { + "items": { + "$ref": "#/components/schemas/types.BaseImagesRule" + }, + "type": "array" + }, + "-_types.CVEStats": { + "items": { + "$ref": "#/components/schemas/types.CVEStats" + }, + "type": "array" + }, + "-_types.CVEVulnerability": { + "items": { + "$ref": "#/components/schemas/types.CVEVulnerability" + }, + "type": "array" + }, + "-_types.ClusterRadarInfo": { + "items": { + "$ref": "#/components/schemas/types.ClusterRadarInfo" + }, + "type": "array" + }, + "-_types.CredentialUsage": { + "items": { + "$ref": "#/components/schemas/types.CredentialUsage" + }, + "type": "array" + }, + "-_types.DefenderSummary": { + "items": { + "$ref": "#/components/schemas/types.DefenderSummary" + }, + "type": "array" + }, + "-_types.DefendersVersionCount": { + "items": { + "$ref": "#/components/schemas/types.DefendersVersionCount" + }, + "type": "array" + }, + "-_types.DiscoveredVM": { + "items": { + "$ref": "#/components/schemas/types.DiscoveredVM" + }, + "type": "array" + }, + "-_types.Endpoint": { + "items": { + "$ref": "#/components/schemas/types.Endpoint" + }, + "type": "array" + }, + "-_types.ImpactedOutOfBandEntity": { + "items": { + "$ref": "#/components/schemas/types.ImpactedOutOfBandEntity" + }, + "type": "array" + }, + "-_types.Project": { + "items": { + "$ref": "#/components/schemas/types.Project" + }, + "type": "array" + }, + "-_types.Stats": { + "items": { + "$ref": "#/components/schemas/types.Stats" + }, + "type": "array" + }, + "-_types.UserCollection": { + "items": { + "$ref": "#/components/schemas/types.UserCollection" + }, + "type": "array" + }, + "-_types.UserProject": { + "items": { + "$ref": "#/components/schemas/types.UserProject" + }, + "type": "array" + }, + "-_types.VulnerabilityStats": { + "items": { + "$ref": "#/components/schemas/types.VulnerabilityStats" + }, + "type": "array" + }, + "-_uint8": { + "items": { + "$ref": "#/components/schemas/uint8" + }, + "type": "array" + }, + "-_vuln.WildFireMalware": { + "items": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + }, + "type": "array" + }, + "-_waas.APIChangeDetails": { + "items": { + "$ref": "#/components/schemas/waas.APIChangeDetails" + }, + "type": "array" + }, + "-_waas.DiscoveredAPI": { + "items": { + "$ref": "#/components/schemas/waas.DiscoveredAPI" + }, + "type": "array" + }, + "-_waas.NetworkList": { + "items": { + "$ref": "#/components/schemas/waas.NetworkList" + }, + "type": "array" + }, + "-_waas.OpenAPIScan": { + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + }, + "type": "array" + }, + "-_waas.UnprotectedContainersWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedContainersWebApps" + }, + "type": "array" + }, + "-_waas.UnprotectedHostsWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedHostsWebApps" + }, + "type": "array" + }, + "-_waas.VPCConfigMirroredVM": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigMirroredVM" + }, + "type": "array" + }, + "-_waas.VPCConfigResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigResource" + }, + "type": "array" + }, + "admission.Audit": { + "description": "Audit represents an admission audit", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster where the audit took place.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "description": "Effect is the rule effect which was applied to the review which led to this audit.\n", + "type": "string" + }, + "kind": { + "description": "Kind is the type of object being manipulated. For example: Pod.\n", + "type": "string" + }, + "message": { + "description": "Message is the rule user defined message which appears on audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the request (if any).\n", + "type": "string" + }, + "operation": { + "description": "Operation is the operation being performed.\n", + "type": "string" + }, + "rawRequest": { + "description": "RawRequest is the original review request that caused this audit.\n", + "type": "string" + }, + "resource": { + "description": "Resource is the name of the resource being requested. This is not the kind. For example: pods.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule which issued this audit.\n", + "type": "string" + }, + "time": { + "description": "Time is the time at which the audit was generated.\n", + "format": "date-time", + "type": "string" + }, + "userGroups": { + "description": "UserGroups is the names of groups this user is a part of.\n", + "type": "string" + }, + "userUid": { + "description": "UserUID is a unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs.\n", + "type": "string" + }, + "username": { + "description": "Username is the name that uniquely identifies this user among all active users.\n", + "type": "string" + } + }, + "type": "object" + }, + "admission.Policy": { + "description": "Policy represents a policy enforced on Kubernetes admission reviews", + "properties": { + "_id": { + "description": "ID is the policy ID.\n", + "type": "string" + }, + "rules": { + "description": "Rules is a list of rules associated with the admission policy.\n", + "items": { + "$ref": "#/components/schemas/admission.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "admission.Rule": { + "description": "Rule represents an admission rule", + "properties": { + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the Rego script.\n", + "type": "string" + }, + "skipRawReq": { + "description": "SkipRawReq signals to exclude raw review request in a resulting admission audit.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "agentless.ImageScanResultErrCode": { + "description": "ImageScanResultErrCode represents the asset status error", + "type": "integer" + }, + "api.AggregationPeriod": { + "description": "AggregationPeriod represents a period over which alerts are aggregated", + "properties": { + "displayName": { + "description": "The display name of the aggregation period.\n", + "type": "string" + }, + "periodMS": { + "description": "The aggregation period's duration in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AlertClientType": { + "description": "AlertClientType represents the type of alert client (e.g., email, slack, ...)", + "type": "string" + }, + "api.AlertProfile": { + "description": "AlertProfile represents an alert profile (event type and recipients)", + "properties": { + "_id": { + "description": "ID is the alert profile ID.\n", + "type": "string" + }, + "consoleIdentifier": { + "description": "ConsoleIdentifier is the console identifier.\n", + "type": "string" + }, + "cortex": { + "$ref": "#/components/schemas/api.AlertProfileCortexSettings" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "email": { + "$ref": "#/components/schemas/api.AlertProfileEmailSettings" + }, + "external": { + "description": "External indicates that the profile is integrated through Prisma Cloud.\n", + "type": "boolean" + }, + "gcpPubsub": { + "$ref": "#/components/schemas/api.AlertProfileGcpPubsubSettings" + }, + "integrationID": { + "description": "IntegrationID is the ID identifying the provider configured in Prisma Cloud.\n", + "type": "string" + }, + "jira": { + "$ref": "#/components/schemas/api.AlertProfileJIRASettings" + }, + "lastError": { + "description": "LastError represents the last error when sending the profile.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pagerduty": { + "$ref": "#/components/schemas/api.AlertProfilePagerDutySettings" + }, + "policy": { + "additionalProperties": { + "$ref": "#/components/schemas/api.AlertRule" + }, + "description": "Policy contains the mapping between alert type to the applied alert rules.\n", + "type": "object" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "securityAdvisor": { + "$ref": "#/components/schemas/api.AlertProfileSecurityAdvisor" + }, + "securityCenter": { + "$ref": "#/components/schemas/api.AlertProfileSecurityCenterSettings" + }, + "securityHub": { + "$ref": "#/components/schemas/api.AlertProfileSecurityHubSettings" + }, + "serviceNow": { + "$ref": "#/components/schemas/api.AlertProfileServiceNowSettings" + }, + "slack": { + "$ref": "#/components/schemas/api.AlertProfileSlackSettings" + }, + "splunk": { + "$ref": "#/components/schemas/api.AlertProfileSplunkSettings" + }, + "sqs": { + "$ref": "#/components/schemas/api.AlertProfileSQSSettings" + }, + "vulnerabilityImmediateAlertsEnabled": { + "description": "VulnerabilityImmediateAlertsEnabled indicates whether an immediate vulnerability alert will be sent upon new image scan.\n", + "type": "boolean" + }, + "webhook": { + "$ref": "#/components/schemas/api.AlertProfileWebhookSettings" + } + }, + "type": "object" + }, + "api.AlertProfileCortexSettings": { + "description": "AlertProfileCortexSettings represents Cortex applications alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.CortexApp" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileEmailSettings": { + "description": "AlertProfileEmailSettings represents the alert profile Email settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Email authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "from": { + "description": "From is the from address of the mail.\n", + "type": "string" + }, + "labels": { + "description": "Labels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "port": { + "description": ".\n", + "type": "integer" + }, + "recipients": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "smtpAddress": { + "description": ".\n", + "type": "string" + }, + "ssl": { + "description": ".\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertProfileGcpPubsubSettings": { + "description": "AlertProfileGcpPubsubSettings is the GCP Pub/Sub alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the GCP Pub/Sub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the GCP Pub/Sub settings are enabled.\n", + "type": "boolean" + }, + "topic": { + "description": "Topic is the GCP Pub/Sub topic (used by subscribers to listen for messages).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileJIRASettings": { + "description": "AlertProfileJIRASettings represents the alert profile JIRA settings", + "properties": { + "assignee": { + "$ref": "#/components/schemas/api.JIRADynamicField" + }, + "baseUrl": { + "description": "BaseURL is the JIRA address.\n", + "type": "string" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the JIRA authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "issueType": { + "description": "IssueType is the type of the JIRA issue.\n", + "type": "string" + }, + "labels": { + "$ref": "#/components/schemas/api.JIRADynamicLabels" + }, + "priority": { + "description": "Priority is the issue priority.\n", + "type": "string" + }, + "projectKey": { + "$ref": "#/components/schemas/api.JIRADynamicField" + } + }, + "type": "object" + }, + "api.AlertProfilePagerDutySettings": { + "description": "AlertProfilePagerDutySettings represents the alert profile PagerDuty settings", + "properties": { + "enabled": { + "description": "Enabled is PagerDuty provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "routingKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "severity": { + "$ref": "#/components/schemas/api.PagerDutyAlertSeverity" + }, + "summary": { + "description": "Summary is the PagerDuty's event summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSQSSettings": { + "description": "AlertProfileSQSSettings represents the alert profile SQS settings", + "properties": { + "enabled": { + "description": "Enabled is the SQS provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to SQS.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityAdvisor": { + "description": "AlertProfileSecurityAdvisor is the IBM security advisor alert profile settings", + "properties": { + "auto": { + "description": "Automatic means the configuration was automatically provisioned by security advisor, and only notes should be created.\n", + "type": "boolean" + }, + "credentialID": { + "description": "CredentialID is the IBM security advisor credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security advisor settings are enabled.\n", + "type": "boolean" + }, + "findingsURL": { + "description": "FindingsURL is the URL to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the configured providerID (default twistlock).\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which security tokens should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityCenterSettings": { + "description": "AlertProfileSecurityCenterSettings is the google cloud security center alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Security Center authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "sourceID": { + "description": "SourceID is the google cloud security center organization source ID (used to construct security advisor findings).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityHubSettings": { + "description": "AlertProfileSecurityHubSettings is the AWS security hub alert profile settings", + "properties": { + "accountID": { + "description": "AccountID is the AWS account ID.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the SecurityHub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security hub settings are enabled.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the aws region.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileServiceNowSettings": { + "description": "AlertProfileServiceNowSettings represents the ServiceNow provider alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.ServiceNowApp" + }, + "assignee": { + "description": "Assignee is the ServiceNow user to whom will assign ServiceNow incidents\\items.\n", + "type": "string" + }, + "assignmentGroup": { + "description": "AssignmentGroup is the ServiceNow group of users handling security incidents.\n", + "type": "string" + }, + "auditPriority": { + "description": "AuditPriority is the priority at which to set audit alerts in security incidents.\n", + "type": "string" + }, + "caCert": { + "description": "CA certificate for on-premise ssl (optional).\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the ServiceNow authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is the ServiceNow provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "project": { + "description": "Project is the name of the prisma compute project that was used to generate this configuration. It's required as secondary consoles do not store their project name.\n", + "type": "string" + }, + "securityIncidentBaseURL": { + "description": "SecurityIncidentBaseURL is the ServiceNow address, used to send security incidents.\n", + "type": "string" + }, + "vulnerabilityEndpointUrl": { + "description": "VulnerabilityEndpointURL to report ServiceNow vulnerabilities, customer defined scripted REST API, see: https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/concept/c_CustomWebServices.html.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSlackSettings": { + "description": "AlertProfileSlackSettings represents the alert profile Slack settings", + "properties": { + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "webhookUrl": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSplunkSettings": { + "description": "AlertProfileSplunkSettings represents the alert profile Splunk settings", + "properties": { + "authToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server (optional).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Splunk provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to Splunk.\n", + "type": "string" + }, + "sourceType": { + "description": "SourceType is the alert source type.\n", + "type": "string" + }, + "url": { + "description": "URL is the Splunk HTTP event collector URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileWebhookSettings": { + "description": "AlertProfileWebhookSettings represents the alert profile Webhook settings", + "properties": { + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertRule": { + "description": "AlertRule represents the configuration of an alert type", + "properties": { + "allRules": { + "description": "AllRules controls whether an alert is sent out for audits on all policy rules.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "AssociatedRules defines the specific rules whose audits will generate alerts (relevant only if AllRules is false).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AlertSettings": { + "description": "AlertSettings are the global alert settings", + "properties": { + "aggregationPeriodMs": { + "description": "AggregationPeriodMs is the alert aggregation period in milliseconds.\n", + "type": "integer" + }, + "securityAdvisorWebhook": { + "description": "SecurityAdvisorWebhook is a webhook for IBM security advisor alert wizard, used to authenticate the wizard with the console and to pull data.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertType": { + "description": "AlertType represents an alert type", + "enum": [ + [ + "", + "defender", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "agentlessAppFirewall", + "networkFirewall", + "containerVulnerability", + "registryVulnerability", + "containerCompliance", + "hostVulnerability", + "hostCompliance", + "hostRuntime", + "incident", + "serverlessRuntime", + "kubernetesAudit", + "cloudDiscovery", + "admission", + "containerComplianceScan", + "hostComplianceScan", + "waasHealth", + "vmVulnerability", + "vmCompliance", + "containerSecurityEvents", + "hostSecurityEvents" + ] + ], + "type": "string" + }, + "api.AssetCountResponse": { + "properties": { + "activeAssetCount": { + "description": "ActiveAssetCount is the count of active assets.\n", + "type": "integer" + }, + "prismaApiId": { + "description": "PrismaAPIID is the queried Prisma API ID/asset type enum.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AssetListResponse": { + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "prismaApiId": { + "description": "PrismaAPIID is the queried Prisma API ID/asset type enum.\n", + "type": "integer" + }, + "value": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/api.AssetValue" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AssetValue": { + "properties": { + "cloudType": { + "description": ".\n", + "type": "string" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "uniqueResourceName": { + "description": "the external ID of the asset.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthType": { + "description": "AuthType is the user authentication type", + "enum": [ + [ + "saml", + "ldap", + "basic", + "oauth", + "oidc" + ] + ], + "type": "string" + }, + "api.AuthenticationRequest": { + "description": "AuthenticationRequest is the required user input for authentication requests", + "properties": { + "password": { + "description": "Password is the password used for authentication.\n", + "type": "string" + }, + "token": { + "description": "Token is the Prisma JWT token used for authentication.\n", + "type": "string" + }, + "username": { + "description": "Username is the username used for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthenticationResponse": { + "description": "AuthenticationResponse returns the result of calling the authentication endpoint", + "properties": { + "token": { + "description": "Token is the new JWT token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.BuildahFeatureStatus": { + "description": "BuildahFeatureStatus holds the response for the buildah feature status", + "properties": { + "enabled": { + "description": "Enabled is the buildah feature enabled/disabled indicator.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.CortexApp": { + "description": "CortexApp identifies a Cortex application (there are several)", + "enum": [ + [ + "xsoar", + "xdr" + ] + ], + "type": "string" + }, + "api.DefenderInstallScriptOptions": { + "description": "DefenderInstallScriptOptions holds the parameters for defender install script download", + "properties": { + "port": { + "description": "Port is the communication port between the defender and the console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + } + }, + "type": "object" + }, + "api.InitStatus": { + "description": "InitStatus returns whether the console is initialized (i.e., if initial user/password is set)", + "properties": { + "initialized": { + "description": "Initialized indicates whether the console is initialized.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.JIRADynamicField": { + "description": "JIRADynamicField represents a value that can be given as a string or as a dynamic label\nSee more: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-post", + "properties": { + "id": { + "description": "ID is the field ID.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the dynamic labels of which the value is based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the static string field.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.JIRADynamicLabels": { + "description": "JIRADynamicLabels represents JIRA labels that can be given as strings or as a dynamic label", + "properties": { + "labels": { + "description": "Labels are the dynamic labels of which JIRA labels are based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "names": { + "description": "Names are the static strings field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.LicenseRequest": { + "description": "LicenseRequest is a request to setup a new license", + "properties": { + "key": { + "description": "Key is the license key.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.PagerDutyAlertSeverity": { + "description": "PagerDutyAlertSeverity is the severity of an alert triggered in PagerDuty", + "enum": [ + [ + "critical", + "error", + "warning", + "info" + ] + ], + "type": "string" + }, + "api.Permission": { + "description": "Permission represents a user or group's permission to access a specific resource.\nCurrently supported resources are:\n- Project - Access to a specific project (if empty, the Master Project by default)\n- Collection - The set of collections in the project that may be accessed (all if empty)\nIf no permissions are assigned, all projects and collections may be accessed", + "properties": { + "collections": { + "description": "List of collections the user can access.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "project": { + "description": "Names of projects which the user can access.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.Permissions": { + "description": "Permissions is a list of permissions", + "items": { + "$ref": "#/components/schemas/api.Permission" + }, + "type": "array" + }, + "api.ProjectSettings": { + "description": "ProjectSettings are settings for supporting federated console", + "properties": { + "master": { + "description": "Master indicates that project feature is enabled and that this console is the master console.\n", + "type": "boolean" + }, + "redirectURL": { + "description": "RedirectURL is the redirectURL for the given project.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.ResolveFunctionsReq": { + "description": "ResolveFunctionsReq represents the parameters supported by the functions resolution API", + "properties": { + "functions": { + "description": "Functions is the list of functions to evaluate.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveFunctionsResp": { + "description": "ResolveFunctionsResp represents the functions resolution API output", + "properties": { + "functions": { + "description": "Functions is the list of functions that were resolved.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesReq": { + "description": "ResolveImagesReq represents the parameters supported by the images resolution API", + "properties": { + "images": { + "description": "Images is the list of image to resolve.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesResp": { + "description": "ResolveImagesResp represents the images resolution API output", + "properties": { + "images": { + "description": "Images is the list of images that were resolved.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ServiceNowApp": { + "description": "ServiceNowApp identifies a ServiceNow application (there are several)\nfor more details, see:\nhttps://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations/concept/security-operations-intro.html", + "enum": [ + [ + "securityIncidentsResponse", + "vulnerabilityResponse" + ] + ], + "type": "string" + }, + "api.User": { + "description": "User represents a user in Twistlock", + "properties": { + "authType": { + "$ref": "#/components/schemas/api.AuthType" + }, + "lastModified": { + "description": "Datetime when the user was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "password": { + "description": "Password for authentication.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "User role.\n", + "type": "string" + }, + "username": { + "description": "Username for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.UserList": { + "description": "UserList represents a list of users", + "items": { + "$ref": "#/components/schemas/api.User" + }, + "type": "array" + }, + "appembedded.FargateTask": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "FargateTask represents the generic fargate task AWS template", + "type": "object" + }, + "applicationcontrol.Application": { + "description": "Application contains data about allowed installed versions for an application", + "properties": { + "allowedVersions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "name": { + "description": "Name is the name of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "applicationcontrol.Rule": { + "description": "Rule represents an application control policy rule", + "properties": { + "_id": { + "description": "ID is the ID of the rule.\n", + "type": "integer" + }, + "applications": { + "description": "Applications are rules configuring the desired effect per application.\n", + "items": { + "$ref": "#/components/schemas/applicationcontrol.Application" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the rule's severity.\n", + "type": "string" + } + }, + "type": "object" + }, + "bool": { + "type": "boolean" + }, + "byte": { + "format": "byte", + "type": "string" + }, + "ccs.AccountMessage": { + "description": "AccountMessage is a cloud account message", + "properties": { + "accountID": { + "description": "AccountID is the account ID.\n", + "type": "string" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "cloudType": { + "description": "CloudType is the account type.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted is true if this account is marked deleted.\n", + "type": "boolean" + }, + "enrichedFeatures": { + "description": "Features is a list of enabled features and their mode.\n", + "items": { + "$ref": "#/components/schemas/ccs.Feature" + }, + "type": "array" + }, + "features": { + "description": "EnabledFeatures is a list of enabled feature names, kept for bc.\n", + "items": { + "$ref": "#/components/schemas/ccs.FeatureName" + }, + "type": "array" + }, + "lastModified": { + "description": "LastModified is the last time this account was modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "AccountName is the account name.\n", + "type": "string" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + } + }, + "type": "object" + }, + "ccs.ConsoleMessage": { + "description": "ConsoleMessage is a generic console message which contains one type of message, e.g. account, alert rule, etc.", + "properties": { + "accountMessage": { + "$ref": "#/components/schemas/ccs.AccountMessage" + }, + "type": { + "$ref": "#/components/schemas/ccs.MsgType" + } + }, + "type": "object" + }, + "ccs.Feature": { + "properties": { + "mode": { + "$ref": "#/components/schemas/cloudaccount.FeatureMode" + }, + "name": { + "$ref": "#/components/schemas/ccs.FeatureName" + } + }, + "type": "object" + }, + "ccs.FeatureName": { + "description": "FeatureName is the account feature name", + "enum": [ + [ + "agentless", + "serverless", + "cloud-discovery", + "auto-protect" + ] + ], + "type": "string" + }, + "ccs.MsgType": { + "description": "MsgType is the message type, e.g. `account`, `alert-rule`, etc", + "enum": [ + [ + "account" + ] + ], + "type": "string" + }, + "cloudaccount.FeatureMode": { + "enum": [ + [ + "cloud-scan", + "target-scan", + "hub-scan", + "hub" + ] + ], + "type": "string" + }, + "clustereddb.AddMemberRequest": { + "description": "AddMemberRequest represents a request for adding a member to the clustered DB pool", + "properties": { + "address": { + "description": "Address is the member address to add.\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.ReplicaSetMemberStateStr": { + "description": "ReplicaSetMemberStateStr is a string representation of a member's state\nRef. https://docs.mongodb.com/v4.4/reference/replica-states/", + "enum": [ + [ + "STARTUP", + "PRIMARY", + "SECONDARY", + "RECOVERING", + "STARTUP2", + "UNKNOWN", + "ARBITER", + "DOWN", + "ROLLBACK", + "REMOVED" + ] + ], + "type": "string" + }, + "clustereddb.ReplicaSetMemberStatus": { + "description": "ReplicaSetMemberStatus represents replica set member's status\nRef. https://docs.mongodb.com/v4.4/reference/command/replSetGetStatus/#mongodb-data-replSetGetStatus.members", + "properties": { + "name": { + "description": "Name is the member's name (hostname address).\n", + "type": "string" + }, + "stateStr": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStateStr" + } + }, + "type": "object" + }, + "clustereddb.Settings": { + "description": "Settings represents the clustered DB settings", + "properties": { + "loadBalancerAddress": { + "description": "LoadBalancerAddress is the address of the customer's load balancer in clustered DB mode. All clients (including Defenders) are reaching the Console through the load balancer.\n", + "type": "string" + }, + "seedConsoleAddress": { + "description": "SeedConsoleAddress allows editing the address of the seed Console (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.StatusResponse": { + "description": "StatusResponse represents the response to a clustered DB status request", + "properties": { + "date": { + "description": "Date indicates the current time according to the queried Mongo server.\n", + "format": "date-time", + "type": "string" + }, + "loadBalancerAddress": { + "description": "LoadBalancerAddress represents the address of the load balancer.\n", + "type": "string" + }, + "members": { + "description": "Members are the replica set members.\n", + "items": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.AllowAllConnections": { + "description": "AllowAllConnections indicates if connections are allowed to/from any entity of the specified types\ne.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet", + "properties": { + "inbound": { + "description": "Inbound indicates if connections are allowed from any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + }, + "outbound": { + "description": "Outbound indicates if connections are allowed to any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.ContainerAudit": { + "description": "ContainerAudit represents a network firewall audit event", + "properties": { + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstContainerName": { + "description": "DstContainerName is the destination container name.\n", + "type": "string" + }, + "dstDomain": { + "description": "DstDomain is the destination domain that was queried.\n", + "type": "string" + }, + "dstImageName": { + "description": "DstImage is the destination image name.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "dstProfileID": { + "description": "DstProfileID is the destination profile ID.\n", + "type": "string" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the target container.\n", + "type": "object" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcContainerName": { + "description": "SrcContainerName is the source container name.\n", + "type": "string" + }, + "srcImageName": { + "description": "SrcImage is the source image name.\n", + "type": "string" + }, + "srcProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcProfileID": { + "description": "SrcProfileID is the source profile ID.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.EntityID": { + "description": "EntityID represents the ID of each network firewall entity.\n20 bits are used. Max legal value: 2^20-1", + "type": "integer" + }, + "cnnf.HostAudit": { + "description": "HostAudit represents a host network firewall audit event", + "properties": { + "accountID": { + "description": "AccountID is the host account ID.\n", + "type": "string" + }, + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstHostname": { + "description": "DstHostname is the destination hostname.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHostname": { + "description": "SrcHostname is the source hostname.\n", + "type": "string" + }, + "srcSubnet": { + "description": "SrcSubnet is the source subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.NetworkEntities": { + "description": "NetworkEntities represents a list of network firewall entities", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + }, + "cnnf.NetworkEntity": { + "description": "NetworkEntity represents a network firewall entity", + "properties": { + "_id": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "collections": { + "description": "Collections indicate the collection the entity is part of.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "domains": { + "description": "Domains is a list of domains.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the entity name.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets are the CIDR format network.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Subnet" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + } + }, + "type": "object" + }, + "cnnf.NetworkFirewallAttackType": { + "description": "NetworkFirewallAttackType is the network firewall type of attack", + "enum": [ + [ + "unexpectedConnection" + ] + ], + "type": "string" + }, + "cnnf.Policy": { + "description": "Policy holds the data for firewall policies (host and container)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "containerEnabled": { + "description": "ContainerEnabled indicates whether container network firewall feature is enabled.\n", + "type": "boolean" + }, + "containerRules": { + "description": "ContainerRules holds the container firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "hostEnabled": { + "description": "HostEnabled indicates whether host network firewall feature is enabled.\n", + "type": "boolean" + }, + "hostRules": { + "description": "HostRules holds the host firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "networkEntities": { + "$ref": "#/components/schemas/cnnf.NetworkEntities" + }, + "owner": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstance": { + "description": "RadarConnectionInstance is an instance of a connection between two radar endpoints", + "properties": { + "dst": { + "description": "Dst is the dst of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "policyRule": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "port": { + "$ref": "#/components/schemas/common.PortData" + }, + "src": { + "description": "Src is the src of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "time": { + "description": "Time is the time the connection instance was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstances": { + "description": "RadarConnectionInstances holds the recent connections history between 2 entities (hosts, subnet entities, etc)", + "properties": { + "instances": { + "description": "Instances are connection samples.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstance" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.RadarPolicyRule": { + "description": "RadarPolicyRule holds the data of a single policy rule", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "portRanges": { + "description": "PortRanges specify the ranges of ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.Rule": { + "description": "Rule contains the properties common to both host and container network firewall", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dst": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "id": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the entity port range specifications.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "src": { + "$ref": "#/components/schemas/cnnf.EntityID" + } + }, + "type": "object" + }, + "cnnf.RuleEntityType": { + "description": "RuleEntityType is the network firewall rule entity type", + "enum": [ + [ + "container", + "host", + "subnet", + "dns" + ] + ], + "type": "string" + }, + "cnnf.RuleID": { + "description": "RuleID represents the ID of each container network firewall policy rule", + "type": "integer" + }, + "cnnf.Subnet": { + "description": "Subnet is a network firewall subnet", + "properties": { + "cidr": { + "description": "CIDR is the IP range of the defined entity.\n", + "type": "string" + }, + "name": { + "description": "Name is the given name to represent the range.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ManifestFile": { + "description": "ManifestFile holds the data of a specific manifest file (can also be of a dependency manifest file)", + "properties": { + "dependencies": { + "description": "Packages listed in the manifest file.\n", + "items": { + "$ref": "#/components/schemas/coderepos.PkgDependency" + }, + "type": "array" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "path": { + "description": "Path to the file.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "coderepos.PkgDependency": { + "description": "PkgDependency represents a required package", + "properties": { + "devDependency": { + "description": "Indicates if this dependency is used only for the development of the package (true) or not (false).\n", + "type": "boolean" + }, + "lastResolved": { + "description": "Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.\n", + "format": "date-time", + "type": "string" + }, + "licenseSeverity": { + "description": "Maximum severity of the detected licenses according to the compliance policy.\n", + "type": "string" + }, + "licenses": { + "description": "Detected licenses of the dependant package.\n", + "items": { + "$ref": "#/components/schemas/license.SPDXLicense" + }, + "type": "array" + }, + "name": { + "description": "Package name that the dependency refers to.\n", + "type": "string" + }, + "rawRequirement": { + "description": "Line in which the package is declared.\n", + "type": "string" + }, + "unsupported": { + "description": "Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).\n", + "type": "boolean" + }, + "version": { + "description": "Package version, either explicitly specified in a manifest or resolved by the scanner.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "Vulnerabilities in the package.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "coderepos.Repository": { + "description": "Repository is the metadata for a code repository", + "properties": { + "build": { + "description": "CI build.\n", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch in the repository, usually master.\n", + "type": "string" + }, + "digest": { + "description": "Repository content digest. Used to indicate if the content of the repository has changed.\n", + "type": "string" + }, + "fullName": { + "description": "Full name that represents the repository (/).\n", + "type": "string" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "name": { + "description": "Repository name.\n", + "type": "string" + }, + "owner": { + "description": "GitHub username or organization name of the repository's owner.\n", + "type": "string" + }, + "private": { + "description": "Indicates if the repository is private (true) or not (false).\n", + "type": "boolean" + }, + "size": { + "description": "Size of the repository (in KB).\n", + "type": "integer" + }, + "url": { + "description": "URL is the repository address.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ScanResult": { + "description": "ScanResult holds a specific repository data", + "properties": { + "_id": { + "description": "Scan report ID in the database.\n", + "type": "string" + }, + "collections": { + "description": "List of matching code repo collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceRiskScore": { + "description": "Code repository's compliance risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "files": { + "description": "Scan result for each manifest file in the repository.\n", + "items": { + "$ref": "#/components/schemas/coderepos.ManifestFile" + }, + "type": "array" + }, + "pass": { + "description": "Indicates whether the scan passed or failed.\n", + "type": "boolean" + }, + "repository": { + "$ref": "#/components/schemas/coderepos.Repository" + }, + "scanTime": { + "description": "Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + }, + "updateTime": { + "description": "Date/time when this repository was last updated.\n", + "format": "date-time", + "type": "string" + }, + "vulnInfo": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "vulnerabilityRiskScore": { + "description": "Code repository's CVE risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "vulnerableFiles": { + "description": "Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.\n", + "type": "integer" + } + }, + "type": "object" + }, + "collection.Collection": { + "description": "Collection is a collection of resources", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Free-form text.\n", + "type": "string" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the collection was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Collection name. Must be unique.\n", + "type": "string" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "owner": { + "description": "User who created or last modified the collection.\n", + "type": "string" + }, + "prisma": { + "description": "Indicates whether this collection originates from Prisma Cloud.\n", + "type": "boolean" + }, + "system": { + "description": "Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "collection.Usage": { + "description": "Usage represents details of a collection being used", + "properties": { + "name": { + "description": "Name of the consumer (e.g., container runtime, username, etc.).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/collection.UsageType" + } + }, + "type": "object" + }, + "collection.UsageType": { + "description": "UsageType represents a collection usage type", + "enum": [ + [ + "policy", + "settings", + "user", + "group", + "registryScan" + ] + ], + "type": "string" + }, + "common.CloudMetadata": { + "description": "CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)", + "properties": { + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "awsExecutionEnv": { + "description": "AWS execution environment (e.g. EC2/Fargate).\n", + "type": "string" + }, + "image": { + "description": "The name of the image the cloud managed host or container is based on.\n", + "type": "string" + }, + "labels": { + "description": "Cloud provider metadata labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "name": { + "description": "Resource name.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Resource's region.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "resourceURL": { + "description": "Server-defined URL for the resource.\n", + "type": "string" + }, + "type": { + "description": "Instance type.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique vm ID.\n", + "type": "string" + }, + "vmImageID": { + "description": "VMImageID holds the VM instance's image ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.CloudProvider": { + "description": "CloudProvider specifies the cloud provider name", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "others" + ] + ], + "type": "string" + }, + "common.ClusterType": { + "description": "ClusterType is the cluster type", + "enum": [ + [ + "AKS", + "ECS", + "EKS", + "GKE", + "Kubernetes" + ] + ], + "type": "string" + }, + "common.Color": { + "description": "Color is a hexadecimal representation of color code value", + "type": "string" + }, + "common.ContainerRuntime": { + "description": "ContainerRuntime represents the supported container runtime types", + "enum": [ + [ + "docker", + "containerd", + "crio" + ] + ], + "type": "string" + }, + "common.DaemonSetOptions": { + "description": "DaemonSetOptions are options for creating the daemonset install script for defenders", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.DefenderProxyOpt": { + "description": "DefenderProxyOpt holds options for defender proxy configuration\nIt embeds ProxySettings but override it's Password field with a simple string\nThis is needed in order to avoid Secret's MarshalJSON method, which depends on existence of master key file", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "description": ".\n", + "type": "string" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Effect": { + "description": "Effect is the effect that is used in the CNNF rule", + "enum": [ + [ + "allow", + "alert", + "prevent", + "monitor", + "" + ] + ], + "type": "string" + }, + "common.ExternalLabel": { + "description": "ExternalLabel holds an external label with a source and timestamp", + "properties": { + "key": { + "description": "Label key.\n", + "type": "string" + }, + "sourceName": { + "description": "Source name (e.g., for a namespace, the source name can be 'twistlock').\n", + "type": "string" + }, + "sourceType": { + "$ref": "#/components/schemas/common.ExternalLabelSourceType" + }, + "timestamp": { + "description": "Time when the label was fetched.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.ExternalLabelSourceType": { + "description": "ExternalLabelSourceType indicates the source of the labels", + "enum": [ + [ + "namespace", + "deployment", + "aws", + "azure", + "gcp", + "oci" + ] + ], + "type": "string" + }, + "common.HostForensicSettings": { + "description": "HostForensicSettings indicates how to perform host forensic", + "properties": { + "activitiesDisabled": { + "description": "ActivitiesDisabled indicates if the host activity collection is enabled/disabled.\n", + "type": "boolean" + }, + "dockerEnabled": { + "description": "DockerEnabled indicates whether docker commands are collected.\n", + "type": "boolean" + }, + "readonlyDockerEnabled": { + "description": "ReadonlyDockerEnabled indicates whether docker readonly commands are collected.\n", + "type": "boolean" + }, + "serviceActivitiesEnabled": { + "description": "ServiceActivitiesEnabled indicates whether activities from services are collected.\n", + "type": "boolean" + }, + "sshdEnabled": { + "description": "SshdEnabled indicates whether ssh commands are collected.\n", + "type": "boolean" + }, + "sudoEnabled": { + "description": "SudoEnabled indicates whether sudo commands are collected.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.ImageType": { + "description": "ImageType is the type of a VM image.\nFor example, in the case of Azure this is one of marketplace/managed/gallery.", + "type": "string" + }, + "common.NetworkDeviceIP": { + "description": "NetworkDeviceIP represents a network device name and address pair", + "properties": { + "ip": { + "description": "Network device IPv4 address.\n", + "type": "string" + }, + "name": { + "description": "Network device name.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.OSDistroInfo": { + "description": "OSDistroInfo represents information regarding the OS distribution", + "properties": { + "distro": { + "description": "Distro is the OS distro name (e.g. ubuntu).\n", + "type": "string" + }, + "distroRelease": { + "description": "DistroRelease is the OS distro release (e.g. willy).\n", + "type": "string" + }, + "fullName": { + "description": "FullName is the full name of the distro (e.g. Ubuntu 19.10).\n", + "type": "string" + }, + "version": { + "description": "Version is the OS release numeric version (e.g. 19.10).\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PolicyBlockMsg": { + "description": "PolicyBlockMsg represent the block message in a Policy", + "type": "string" + }, + "common.PolicyEffect": { + "description": "PolicyEffect state the effect of evaluating the given policy", + "enum": [ + [ + "allow", + "deny", + "block", + "alert" + ] + ], + "type": "string" + }, + "common.PolicyType": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + }, + "common.PortData": { + "description": "PortData is a port of connections with his metadata", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "protocol": { + "description": "Protocol is the protocol used in the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PortRange": { + "description": "PortRange represents a port range", + "properties": { + "deny": { + "description": "Deny indicates whether the connection is denied.\n", + "type": "boolean" + }, + "end": { + "description": ".\n", + "type": "integer" + }, + "start": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "common.ProfileHash": { + "description": "ProfileHash represents the profile hash\nIt is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types", + "format": "int64", + "type": "integer" + }, + "common.ProfilePort": { + "description": "ProfilePort represents a networking profile port", + "properties": { + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "time": { + "description": "Time is the learning timestamp of this port.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "common.ProfilePortData": { + "description": "ProfilePortData represents a runtime profile ports data", + "properties": { + "all": { + "description": "All indicates that this port data represents any arbitrary ports.\n", + "type": "boolean" + }, + "ports": { + "description": "Ports is the list of profile runtime ports.\n", + "items": { + "$ref": "#/components/schemas/common.ProfilePort" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.ProxySettings": { + "description": "ProxySettings are the http proxy settings", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.RuntimeResource": { + "description": "RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image)\nEmpty resource or wildcard (*) represents all resources of a given type", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.Secret": { + "description": "Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database", + "properties": { + "encrypted": { + "description": "Specifies an encrypted value of the secret.\n", + "type": "string" + }, + "plain": { + "description": "Specifies the plain text value of the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Toleration": { + "description": "Toleration holds options for pod toleration\nref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/\ncode ref: k8s.io/api/core/v1/types.go", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional.\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional.\n", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional.\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional.\n", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.AzureMIType": { + "enum": [ + [ + "user-assigned", + "system-assigned" + ] + ], + "type": "string" + }, + "cred.AzureSPInfo": { + "description": "AzureSPInfo contains the Azure credentials needed for certificate based authentications", + "properties": { + "clientId": { + "description": "ClientID is the client identifier.\n", + "type": "string" + }, + "miType": { + "$ref": "#/components/schemas/cred.AzureMIType" + }, + "subscriptionId": { + "description": "SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.\n", + "type": "string" + }, + "tenantId": { + "description": "TenantID is the ID of the AAD directory in which the application was created.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.Credential": { + "description": "Credential specifies the authentication data of an external provider", + "properties": { + "_id": { + "description": "Specifies the unique ID for credential.\n", + "type": "string" + }, + "accountGUID": { + "description": "Specifies the unique ID for an IBM Cloud account.\n", + "type": "string" + }, + "accountID": { + "description": "Specifies the account identifier. Example: a username, access key, account GUID, and so on.\n", + "type": "string" + }, + "accountName": { + "description": "Specifies the name of the cloud account.\n", + "type": "string" + }, + "apiToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "azureSPInfo": { + "$ref": "#/components/schemas/cred.AzureSPInfo" + }, + "caCert": { + "description": "Specifies the CA certificate for a certificate-based authentication.\n", + "type": "string" + }, + "cloudProviderAccountID": { + "description": "Specifies the cloud provider account ID.\n", + "type": "string" + }, + "created": { + "description": "Specifies the time when the credential was created (or, when the account ID was changed for AWS).\n", + "format": "date-time", + "type": "string" + }, + "description": { + "description": "Specifies the description for a credential.\n", + "type": "string" + }, + "external": { + "description": "Indicates whether the credential was onboarded from the Prisma platform.\n", + "type": "boolean" + }, + "global": { + "description": "Indicates whether the credential scope is global.\nAvailable values are:\ntrue: Global\nfalse: Not Global\nNote: For GCP, the credential scope is the organization.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Specifies the time when the credential was last modified.\n", + "format": "date-time", + "type": "string" + }, + "ociCred": { + "$ref": "#/components/schemas/cred.OCICred" + }, + "owner": { + "description": "Specifies the user who created or modified the credential.\n", + "type": "string" + }, + "prismaLastModified": { + "description": "Specifies the time when the account was last modified by Prisma Cloud Compute.\n", + "format": "int64", + "type": "integer" + }, + "roleArn": { + "description": "Specifies the Amazon Resource Name (ARN) of the role to be assumed.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipVerify": { + "description": "Indicates whether to skip the certificate verification in TLS communication.\n", + "type": "boolean" + }, + "stsEndpoints": { + "description": "Specifies a list of specific endpoints for use in STS sessions in various regions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "tokens": { + "$ref": "#/components/schemas/cred.TemporaryToken" + }, + "type": { + "$ref": "#/components/schemas/cred.Type" + }, + "url": { + "description": "Specifies the base server URL.\n", + "type": "string" + }, + "useAWSRole": { + "description": "Indicates whether to authenticate using the IAM Role attached to the instance.\nAvailable values are:\ntrue: Authenticate with the attached credentials\nfalse: Don\u2019t authenticate with the attached credentials.\n", + "type": "boolean" + }, + "useSTSRegionalEndpoint": { + "description": "Indicates whether to use the regional STS endpoint for an STS session.\nAvailable values are:\ntrue: Use the regional STS\nfalse: Don\u2019t use the regional STS.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "cred.OCICred": { + "description": "OCICred are additional parameters required for OCI credentials", + "properties": { + "fingerprint": { + "description": "Fingerprint is the public key signature.\n", + "type": "string" + }, + "tenancyId": { + "description": "TenancyID is the OCID of the tenancy.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.TemporaryToken": { + "description": "TemporaryToken is a temporary session token for cloud provider APIs\nAWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html\nGCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\nAzure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on", + "properties": { + "awsAccessKeyId": { + "description": "Specifies a temporary access key.\n", + "type": "string" + }, + "awsSecretAccessKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "duration": { + "description": "Specifies a duration for the token.\n", + "format": "int64", + "type": "integer" + }, + "expirationTime": { + "description": "Specifies an expiration time for the token.\n", + "format": "date-time", + "type": "string" + }, + "token": { + "$ref": "#/components/schemas/common.Secret" + } + }, + "type": "object" + }, + "cred.Type": { + "description": "Type specifies the credential type", + "enum": [ + [ + "aws", + "azure", + "gcp", + "ibmCloud", + "oci", + "apiToken", + "basic", + "dtr", + "kubeconfig", + "certificate", + "gitlabToken" + ] + ], + "type": "string" + }, + "cred.UsageType": { + "description": "UsageType represents the credential usage type", + "enum": [ + [ + "Alert settings", + "Alert profile", + "Registry Scan", + "Serverless Scan", + "Cloud Scan", + "Secret Store", + "Serverless Auto-Deploy", + "Host Auto-deploy", + "VM Scan", + "Agentless Scan Hub", + "Custom Intelligence Endpoint", + "VMware Tanzu blobstore Scan", + "Kubernetes Audit settings", + "Agentless app firewall" + ] + ], + "type": "string" + }, + "customrules.Action": { + "description": "Action is the action to perform if the custom rule applies", + "enum": [ + [ + "audit", + "incident" + ] + ], + "type": "string" + }, + "customrules.Effect": { + "description": "Effect is the effect that will be used for custom rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "allow", + "ban", + "disable" + ] + ], + "type": "string" + }, + "customrules.Ref": { + "description": "Ref represents a custom rule that is referenced by a policy rule", + "properties": { + "_id": { + "description": "Custom rule ID.\n", + "type": "integer" + }, + "action": { + "$ref": "#/components/schemas/customrules.Action" + }, + "effect": { + "$ref": "#/components/schemas/customrules.Effect" + } + }, + "type": "object" + }, + "customrules.Rule": { + "description": "Rule represents a custom rule", + "properties": { + "_id": { + "description": "Rule ID. Must be unique.\n", + "type": "integer" + }, + "attackTechniques": { + "description": "List of attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description of the rule.\n", + "type": "string" + }, + "message": { + "description": "Macro that is printed as part of the audit/incident message.\n", + "type": "string" + }, + "minVersion": { + "description": "Minimum version required to support the rule.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was created or last modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "owner": { + "description": "User who created or modified the rule.\n", + "type": "string" + }, + "script": { + "description": "Custom script.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/customrules.Type" + }, + "vulnIDs": { + "$ref": "#/components/schemas/customrules.VulnIDs" + } + }, + "type": "object" + }, + "customrules.Type": { + "description": "Type is the type of the custom rule", + "enum": [ + [ + "processes", + "filesystem", + "network-outgoing", + "kubernetes-audit", + "waas-request", + "waas-response" + ] + ], + "type": "string" + }, + "customrules.VulnIDs": { + "description": "VulnIDs is the list of vulnerability IDs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defender.Category": { + "description": "Category represents the defender target category", + "enum": [ + [ + "container", + "host", + "serverless", + "appEmbedded", + "hostAgentless", + "containerAgentless" + ] + ], + "type": "string" + }, + "defender.Defender": { + "description": "Defender is an update about an agent starting", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "certificateExpiration": { + "description": "Client certificate expiration time.\n", + "format": "date-time", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster name (fallback is internal IP).\n", + "type": "string" + }, + "clusterID": { + "description": "Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections to which this Defender belongs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "compatibleVersion": { + "description": "Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).\n", + "type": "boolean" + }, + "connected": { + "description": "Indicates whether Defender is connected (true) or not (false).\n", + "type": "boolean" + }, + "features": { + "$ref": "#/components/schemas/defender.Features" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "fqdn": { + "description": "Full domain name of the host. Used in audit alerts to identify specific hosts.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender is deployed.\n", + "type": "string" + }, + "isARM64": { + "description": "IsARM64 indicates whether the defender runs on aarch64 architecture.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Datetime when the Defender's connectivity status last changed.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port that Defender uses to connect to Console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "remoteLoggingSupported": { + "description": "Indicates if Defender logs can be retrieved remotely (true) or not (false).\n", + "type": "boolean" + }, + "remoteMgmtSupported": { + "description": "Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).\n", + "type": "boolean" + }, + "status": { + "$ref": "#/components/schemas/defender.Status" + }, + "systemInfo": { + "$ref": "#/components/schemas/defender.SystemInfo" + }, + "tasBlobstoreScanner": { + "description": "Indicates TAS blobstore scanning only Defender.\n", + "type": "boolean" + }, + "tasClusterID": { + "description": "TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.\n", + "type": "string" + }, + "tasFoundation": { + "description": "TASFoundation is the foundation the Defender is running on.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/defender.Type" + }, + "usingOldCA": { + "description": "UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.\n", + "type": "boolean" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vpcObserver": { + "description": "VPCObserver indicates whether the defender runs in a VPC observer.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.FeatureStatus": { + "description": "FeatureStatus holds data about defender features", + "properties": { + "enabled": { + "description": "Indicates if the feature is enabled (true) or not (false).\n", + "type": "boolean" + }, + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender runs.\n", + "type": "string" + } + }, + "type": "object" + }, + "defender.Features": { + "description": "Features is the defender features that can be updated", + "properties": { + "clusterMonitoring": { + "description": "Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).\n", + "type": "boolean" + }, + "proxyListenerType": { + "$ref": "#/components/schemas/defender.ProxyListenerType" + } + }, + "type": "object" + }, + "defender.ProxyListenerType": { + "description": "ProxyListenerType is the proxy listener type of defenders", + "type": "string" + }, + "defender.ScanStatus": { + "description": "ScanStatus represents the status of current scan", + "properties": { + "completed": { + "description": "Indicates if scanning has successfully completed (true) or not (false).\n", + "type": "boolean" + }, + "errors": { + "description": "List of errors that occurred during the last scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "scanTime": { + "description": "Datetime of the last completed scan.\n", + "format": "date-time", + "type": "string" + }, + "scanning": { + "description": "Indicates whether scanning is in progress (true) or not (false).\n", + "type": "boolean" + }, + "selective": { + "description": "Indicates if the scan is for a specific resource (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.Settings": { + "description": "Settings is the Defender settings", + "properties": { + "admissionControlEnabled": { + "description": "Indicates if the admission controller is enabled (true) or not (false).\n", + "type": "boolean" + }, + "admissionControlWebhookSuffix": { + "description": "Relative path to the admission control webhook HTTP endpoint.\n", + "type": "string" + }, + "appEmbeddedFileSystemTracingEnabled": { + "description": "AppEmbeddedFileSystemTracingEnabled is the default deployment state for app embedded Defenders file system tracing.\n", + "type": "boolean" + }, + "automaticUpgrade": { + "description": "Deprecated: indicates if defenders should be automatically upgraded to the latest version.\n", + "type": "boolean" + }, + "disconnectPeriodDays": { + "description": "Number of consecutive days a Defender must remain disconnected for it to be considered decommissioned.\n", + "type": "integer" + }, + "hostCustomComplianceEnabled": { + "description": "Indicates if Defenders support host custom compliance checks (true) or not (false).\n", + "type": "boolean" + }, + "listeningPort": { + "description": "Port on which Defenders listen.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Status": { + "description": "Status is the generic status state per defender or global", + "properties": { + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "defender.SystemInfo": { + "description": "SystemInfo is the OS information of the host", + "properties": { + "cpuCount": { + "description": "CPU count on the host where Defender runs.\n", + "type": "integer" + }, + "freeDiskSpaceGB": { + "description": "Free disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + }, + "kernelVersion": { + "description": "Kernel version on the host where Defender runs.\n", + "type": "string" + }, + "memoryGB": { + "description": "Total memory (in GB) on the host where Defender runs.\n", + "format": "double", + "type": "number" + }, + "totalDiskSpaceGB": { + "description": "Total disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Type": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + }, + "defender.UpgradeStatus": { + "description": "UpgradeStatus represents the status of current twistlock defender upgrade", + "properties": { + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime of the last upgrade.\n", + "format": "date-time", + "type": "string" + }, + "progress": { + "description": "Upgrade progress.\n", + "type": "integer" + } + }, + "type": "object" + }, + "deployment.CommandError": { + "description": "CommandError is the command error on specific instance", + "properties": { + "error": { + "description": "Error is the error in case the command failed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the instance hostname.\n", + "type": "string" + }, + "instanceID": { + "description": "InstanceID is the instance id.\n", + "type": "string" + }, + "instanceName": { + "description": "InstanceName is the instance name.\n", + "type": "string" + }, + "projectID": { + "description": "ProjectID is instance GCP project id.\n", + "type": "string" + }, + "region": { + "description": "Region is the instance region for AWS or zone for GCP.\n", + "type": "string" + }, + "state": { + "description": "State is the error state in which the deployment failed (e.g. timed out/failed due to some other reason).\n", + "type": "string" + }, + "vmImage": { + "description": "VMImage is the instance image.\n", + "type": "string" + } + }, + "type": "object" + }, + "deployment.DaemonSet": { + "description": "DaemonSet holds information about deployed defender DaemonSet\nTODO #12377 - Implement Resource interface for collections filtering, after retrieving correct value to Cluster field", + "properties": { + "address": { + "description": "Address is the kubernetes cluster address.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the kubernetes cluster name.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "defendersVersion": { + "description": "DefendersVersion is the version of the defenders deployed.\n", + "type": "string" + }, + "desiredDefenders": { + "description": "DesiredDefenders is the number of desired defenders.\n", + "type": "integer" + }, + "error": { + "description": "Error indicates any related errors found.\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates if the cluster has at least one running defender.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "runningDefenders": { + "description": "RunningDefenders is the number of defenders running.\n", + "type": "integer" + }, + "upgradable": { + "description": "Upgradable indicates if the cluster is upgradable.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "float32": { + "format": "float", + "type": "number" + }, + "float64": { + "format": "double", + "type": "number" + }, + "forensic.ContainerEvent": { + "description": "ContainerEvent holds forensic event information (in flat structure)", + "properties": { + "allPorts": { + "description": "AllPorts indicates all listening ports are allowed.\n", + "type": "boolean" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "containerId": { + "description": "ContainerID is the event container id.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "dstIP": { + "description": "DstIP is the destination IP of the connection.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the destination port.\n", + "type": "integer" + }, + "dstProfileID": { + "description": "DstProfileID is the profile ID of the connection destination.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "listeningStartTime is the port listening start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "networkCollectionType": { + "$ref": "#/components/schemas/forensic.NetworkCollection" + }, + "outbound": { + "description": "Outbound indicates if the port is outbound.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "srcIP": { + "description": "SrcIP is the source IP of the connection.\n", + "type": "string" + }, + "srcProfileID": { + "description": "SrcProfileID is the profile ID of the connection source.\n", + "type": "string" + }, + "static": { + "description": "Static indicates the event was added to the profile without behavioral indication.\n", + "type": "boolean" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.ContainerEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.ContainerEventType": { + "description": "ContainerEventType represents the kind of event", + "enum": [ + [ + "Process spawned", + "Binary created", + "Container started", + "Listening port", + "Connection established", + "Runtime audit", + "Runtime profile process", + "Runtime profile filesystem", + "Runtime profile networking", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.HostEvent": { + "description": "HostEvent holds host forensic event information", + "properties": { + "app": { + "description": "App is the application associated with the event.\n", + "type": "string" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "country": { + "description": "Country is the country associated with the event.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates if the event is interactive.\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the IP address associated with the event.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "ListeningStartTime is the listening port start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppath": { + "description": "Path is the event parent path.\n", + "type": "string" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.HostEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.HostEventType": { + "description": "HostEventType represents the kind of host event", + "enum": [ + [ + "Process spawned", + "Listening port", + "Binary created", + "Runtime audit", + "SSH event", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.NetworkCollection": { + "description": "NetworkCollection describe the different types of collection of network events", + "type": "string" + }, + "identity.LdapSettings": { + "description": "LdapSettings are the ldap connectivity settings", + "properties": { + "accountPassword": { + "$ref": "#/components/schemas/common.Secret" + }, + "accountUpn": { + "description": "AccountUpn is the user principle name used to connect to the active directory server.\n", + "type": "string" + }, + "caCert": { + "description": "CaCert is cert in PEM format (optional, if not specified, skip_verify flag will be used).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether LDAP is enabled.\n", + "type": "boolean" + }, + "groupSearchBase": { + "description": "GroupSearchBase is the LDAP search pattern for groups.\n", + "type": "string" + }, + "searchBase": { + "description": "SearchBase is the LDAP search pattern.\n", + "type": "string" + }, + "type": { + "description": "Type specifies the LDAP server type (AD or OpenLDAP).\n", + "type": "string" + }, + "url": { + "description": "URL is the ldap server url.\n", + "type": "string" + }, + "userSearchBase": { + "description": "UserSearchBase is the LDAP search pattern for users.\n", + "type": "string" + }, + "userSearchIdentifier": { + "description": "UserSearchIdentifier is the user identifier to use for querying open ldap (e.g., cn -> cn=user).\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.ProviderName": { + "description": "ProviderName is the identity provider name", + "enum": [ + [ + "github", + "openshift" + ] + ], + "type": "string" + }, + "identity.ProviderSettings": { + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings", + "properties": { + "authURL": { + "description": "AuthURL specifies auth URL.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate.\n", + "type": "string" + }, + "clientID": { + "description": "ClientID is the client identifier issued to the client during the registration process.\n", + "type": "string" + }, + "clientSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "enabled": { + "description": "Enabled indicates whether Auth settings are enabled.\n", + "type": "boolean" + }, + "groupClaim": { + "description": "GroupClaim is the name of the group claim property.\n", + "type": "string" + }, + "groupScope": { + "description": "GroupScope specifies name of group scope.\n", + "type": "string" + }, + "openIDIssuesURL": { + "description": "OpenIDIssuesURL is the base URL for OpenID connect providers.\n", + "type": "string" + }, + "openshiftBaseURL": { + "description": "OpenshiftBaseURL is openshift base URL.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "providerName": { + "$ref": "#/components/schemas/identity.ProviderName" + }, + "tokenURL": { + "description": "TokenURL specifies token URL.\n", + "type": "string" + }, + "userClaim": { + "description": "UserClaim is the name of the user claim property.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.RedirectURLResponse": { + "description": "RedirectURLResponse is the response for identity redirect endpoint", + "properties": { + "enabled": { + "description": "Enabled identify if auth provider is enabled.\n", + "type": "boolean" + }, + "url": { + "description": "URL is the redirect URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlSettings": { + "description": "SamlSettings are the saml connectivity settings", + "properties": { + "appId": { + "description": "AppID is the Azure application ID.\n", + "type": "string" + }, + "appSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "audience": { + "description": "Audience specifies the SAML audience used in the verification of the SAML response.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate in PEM format.\n", + "type": "string" + }, + "consoleURL": { + "description": "ConsoleURL is the external Console URL that is used by the IDP for routing the browser after login.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether saml settings are enabled.\n", + "type": "boolean" + }, + "groupAttribute": { + "description": "GroupAttribute is the name of the group attribute.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is idp issuer id.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "skipAuthnContext": { + "description": "SkipAuthnContext indicates whether request authentication contexts should be skipped.\n", + "type": "boolean" + }, + "tenantId": { + "description": "TenantID is the Azure Tenant ID.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/identity.SamlType" + }, + "url": { + "description": "URL is idp sso url.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlType": { + "description": "SamlType represents the type of a SAML configured settings", + "enum": [ + [ + "okta", + "gsuite", + "ping", + "shibboleth", + "azure", + "adfs" + ] + ], + "type": "string" + }, + "identity.Settings": { + "description": "Settings hold the identity settings for supported providers", + "properties": { + "ldap": { + "$ref": "#/components/schemas/identity.LdapSettings" + }, + "oauth": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "openid": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "saml": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + }, + "type": "object" + }, + "int": { + "type": "integer" + }, + "int16": { + "type": "integer" + }, + "int64": { + "format": "int64", + "type": "integer" + }, + "intelligence.IntelligenceSettings": { + "description": "IntelligenceSettings are the intelligence service settings", + "properties": { + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicy": { + "description": "AuthorizationPolicy is a compact version of Istio AuthorizationPolicy resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#AuthorizationPolicy", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "name": { + "description": "Name is the authorization policy name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the authorization policy.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the access rules this authorization policy defines.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyRule" + }, + "type": "array" + }, + "targetServices": { + "description": "TargetServices is the list of services the authorization policy applies on.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyService" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyDestination": { + "description": "AuthorizationPolicyDestination is a compact version of Istio Operation resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Operation", + "properties": { + "methods": { + "description": "Methods are the destination endpoint HTTP methods, such as: \"GET\", \"POST\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "paths": { + "description": "Paths are the destination HTTP paths.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination endpoint ports.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyRule": { + "description": "AuthorizationPolicyRule is a compact version of Istio Rule resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Rule", + "properties": { + "destinations": { + "description": "Destinations are the endpoint definitions the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyDestination" + }, + "type": "array" + }, + "sources": { + "description": "Sources are the metadatas of the services the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicySource" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyService": { + "description": "AuthorizationPolicyService represents a service an authorization policy applies on\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "name": { + "description": "Name is the service name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the service namespace.\n", + "type": "string" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicySource": { + "description": "AuthorizationPolicySource is a compact version of Istio Source resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "namespaces": { + "description": "Namespaces are the source services namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "principals": { + "description": "Principals are the source services principals.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kubeaudit.Audit": { + "description": "Audit represents a Kubernetes audit - this is the data that is stored for matched audits", + "properties": { + "accountID": { + "description": "AccountID is the account ID the Kubernetes audit belongs to.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "authorizationInfo": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "AuthorizationInfo holds the original event authorization info.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster the Kubernetes audit belongs to.\n", + "type": "string" + }, + "collections": { + "description": "Collections that apply to the Kubernetes audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "eventBlob": { + "description": "EventBlob is the original event that caused this audit.\n", + "type": "string" + }, + "message": { + "description": "Message is the user defined message which appears on audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "requestURI": { + "description": "RequestURI is the request URI as sent by the client to a server.\n", + "type": "string" + }, + "resources": { + "description": "Resource represents the resource that is impacted by this event.\n", + "type": "string" + }, + "sourceIPs": { + "description": "Source IPs, from where the request originated and intermediate proxies (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "time": { + "description": "Time is the time at which the request was generated.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "$ref": "#/components/schemas/kubeaudit.EventUserInfo" + }, + "verb": { + "description": "Verb is the kubernetes verb associated with the request.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSettings": { + "description": "AuditSettings represents the kubernetes audits settings", + "properties": { + "lastPollingTime": { + "description": "LastPollingTime holds the last time the logs were polled.\n", + "format": "date-time", + "type": "string" + }, + "specifications": { + "description": "Specifications are the K8s audits fetching CSP specifications.\n", + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "WebhookSuffix is the relative path to the webhook http endpoint, used for auditing K8S events sent to the console from a cluster.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSpecification": { + "description": "AuditSpecification is the specification for fetching audits from a CSP", + "properties": { + "awsRegion": { + "description": "AWSRegion is the cloud region to fetch from.\n", + "type": "string" + }, + "azureResourceGroups": { + "description": "AzureResourceGroups holds the resource groups to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "azureWorkspaceName": { + "description": "AzureWorkspaceName holds the workspace name to fetch from.\n", + "type": "string" + }, + "clusters": { + "description": "Clusters are the clusters to fetch.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialID": { + "description": "CredentialID is the credential to use for CSP authentication for this specification.\n", + "type": "string" + }, + "deploymentType": { + "$ref": "#/components/schemas/kubeaudit.DeploymentType" + }, + "filter": { + "description": "Filter is a provider specific query using the provider's query syntax for additional filtering.\n", + "type": "string" + }, + "gcpProjectIDs": { + "description": "GCPProjectIDs holds the IDs of projects to fetch from.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the specification unique identification as provided by the user.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.DeploymentType": { + "description": "DeploymentType specifies the type of Kubernetes deployment", + "enum": [ + [ + "gke", + "aks", + "eks" + ] + ], + "type": "string" + }, + "kubeaudit.EventUserInfo": { + "description": "EventUserInfo holds the information about the user that authenticated to Kubernentes", + "properties": { + "groups": { + "description": "The names of groups this user is a part of (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uid": { + "description": "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs (optional).\n", + "type": "string" + }, + "username": { + "description": "The name that uniquely identifies this user among all active users (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.Policy": { + "description": "Policy represents a Kubernetes audit policy enforced on Kubernetes audits", + "properties": { + "_id": { + "description": "ID is the Kubernetes audit policy ID.\n", + "type": "string" + }, + "customRulesIDs": { + "description": "CustomRulesIDs is a list of the custom runtime rules ids that apply to this policy.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled specifies if Kubernetes audits are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "license.SPDXLicense": { + "description": "SPDXLicense represents a SPDX license ID", + "enum": [ + [ + "0BSD", + "AAL", + "ADSL", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AGPL-1.0", + "AGPL-1.0-only", + "AGPL-1.0-or-later", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "AMDPLPA", + "AML", + "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "APAFML", + "APL-1.0", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Abstyles", + "Adobe-2006", + "Adobe-Glyph", + "Afmparse", + "Aladdin", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "BSD-1-Clause", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-UC", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BlueOak-1.0.0", + "Borceux", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-US", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDLA-Permissive-1.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPAL-1.0", + "CPL-1.0", + "CPOL-1.02", + "CUA-OPL-1.0", + "Caldera", + "ClArtistic", + "Condor-1.1", + "Crossword", + "CrystalStacker", + "Cube", + "D-FSL-1.0", + "DOC", + "DSDP", + "Dotseqn", + "ECL-1.0", + "ECL-2.0", + "EFL-1.0", + "EFL-2.0", + "EPICS", + "EPL-1.0", + "EPL-2.0", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Entessa", + "ErlPL-1.1", + "Eurosym", + "FSFAP", + "FSFUL", + "FSFULLR", + "FTL", + "Fair", + "Frameworx-1.0", + "FreeImage", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "GL2PS", + "GLWTPL", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-GCC-exception", + "GPL-3.0-with-autoconf-exception", + "Giftware", + "Glide", + "Glulxe", + "HPND", + "HPND-sell-variant", + "HTMLTIDY", + "HaskellReport", + "Hippocratic-2.1", + "IBM-pibs", + "ICU", + "IJG", + "IPA", + "IPL-1.0", + "ISC", + "ImageMagick", + "Imlib2", + "Info-ZIP", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "JPNIC", + "JSON", + "JasPer-2.0", + "LAL-1.2", + "LAL-1.3", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-3.0", + "LGPL-3.0+", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "Leptonica", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Libpng", + "Linux-OpenIB", + "MIT", + "MIT-0", + "MIT-CMU", + "MIT-advertising", + "MIT-enna", + "MIT-feh", + "MIT-open-group", + "MITNFA", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-PL", + "MS-RL", + "MTLL", + "MakeIndex", + "MirOS", + "Motosoto", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NASA-1.3", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "NGPL", + "NIST-PD", + "NIST-PD-fallback", + "NLOD-1.0", + "NLPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Naumen", + "Net-SNMP", + "NetCDF", + "Newsletr", + "Nokia", + "Noweb", + "Nunit", + "O-UDA-1.0", + "OCCT-PL", + "OCLC-2.0", + "ODC-By-1.0", + "ODbL-1.0", + "OFL-1.0", + "OFL-1.0-RFN", + "OFL-1.0-no-RFN", + "OFL-1.1", + "OFL-1.1-RFN", + "OFL-1.1-no-RFN", + "OGC-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "PSF-2.0", + "Parity-6.0.0", + "Parity-7.0.0", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "Python-2.0", + "QPL-1.0", + "Qhull", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", + "RSA-MD", + "RSCPL", + "Rdisc", + "Ruby", + "SAX-PD", + "SCEA", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SISSL", + "SISSL-1.2", + "SMLNJ", + "SMPPL", + "SNIA", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "SWL", + "Saxpath", + "Sendmail", + "Sendmail-8.23", + "SimPL-2.0", + "Sleepycat", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "StandardML-NJ", + "SugarCRM-1.1.3", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TMate", + "TORQUE-1.1", + "TOSL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCL-1.0", + "UPL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "Unlicense", + "VOSTROM", + "VSL-1.0", + "Vim", + "W3C", + "W3C-19980720", + "W3C-20150513", + "WTFPL", + "Watcom-1.0", + "Wsuipa", + "X11", + "XFree86-1.1", + "XSkat", + "Xerox", + "Xnet", + "YPL-1.0", + "YPL-1.1", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "blessing", + "bzip2-1.0.5", + "bzip2-1.0.6", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "curl", + "diffmark", + "dvipdfm", + "eCos-2.0", + "eGenix", + "etalab-2.0", + "gSOAP-1.3b", + "gnuplot", + "iMatix", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "mpich2", + "psfrag", + "psutils", + "wxWindows", + "xinetd", + "xpp", + "zlib-acknowledgement" + ] + ], + "type": "string" + }, + "log.LogEntry": { + "description": "LogEntry represents a single log line", + "properties": { + "level": { + "description": "Level is the log level.\n", + "type": "string" + }, + "log": { + "description": "Log is the log text.\n", + "type": "string" + }, + "time": { + "description": "Time is the log time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "mitre.Technique": { + "description": "Technique is the MITRE framework attack technique", + "enum": [ + [ + "exploitationForPrivilegeEscalation", + "exploitPublicFacingApplication", + "applicationExploitRCE", + "networkServiceScanning", + "endpointDenialOfService", + "exfiltrationGeneral", + "systemNetworkConfigurationDiscovery", + "unsecuredCredentials", + "credentialDumping", + "systemInformationDiscovery", + "systemNetworkConnectionDiscovery", + "systemUserDiscovery", + "accountDiscovery", + "cloudInstanceMetadataAPI", + "accessKubeletMainAPI", + "queryKubeletReadonlyAPI", + "accessKubernetesAPIServer", + "softwareDeploymentTools", + "ingressToolTransfer", + "lateralToolTransfer", + "commandAndControlGeneral", + "resourceHijacking", + "manInTheMiddle", + "nativeBinaryExecution", + "foreignBinaryExecution", + "createAccount", + "accountManipulation", + "abuseElevationControlMechanisms", + "supplyChainCompromise", + "obfuscatedFiles", + "hijackExecutionFlow", + "impairDefences", + "scheduledTaskJob", + "exploitationOfRemoteServices", + "eventTriggeredExecution", + "accountAccessRemoval", + "privilegedContainer", + "writableVolumes", + "execIntoContainer", + "softwareDiscovery", + "createContainer", + "kubernetesSecrets", + "fileAndDirectoryDiscovery", + "masquerading", + "webShell", + "compileAfterDelivery" + ] + ], + "type": "string" + }, + "packages.Type": { + "description": "Type describes the package type", + "enum": [ + [ + "nodejs", + "gem", + "python", + "jar", + "package", + "windows", + "binary", + "nuget", + "go", + "app", + "unknown" + ] + ], + "type": "string" + }, + "prisma.AlertIntegration": { + "description": "AlertIntegration has the relevant fields for Prisma Cloud defined integrations\nhttps://prisma.pan.dev/api/cloud/cspm/integrations#operation/get-all-integrations", + "properties": { + "id": { + "description": "ID of the integration in Prisma Cloud.\n", + "type": "string" + }, + "integrationConfig": { + "$ref": "#/components/schemas/prisma.IntegrationConfig" + }, + "integrationType": { + "description": "IntegrationType is the provider type.\n", + "type": "string" + }, + "name": { + "description": "Name of the integration in Prisma Cloud.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.AssetType": { + "description": "AssetType is the integral value that we need to pass to PC in the UAI and Unified Alerts integrations to identify the asset type\nMappings of the asset types agreed upon with PC can be found here - https://docs.google.com/spreadsheets/d/1M0Aj5U4vpFGEnpd0v_xK-CsxSH4lovE7p93hkzE4DTY\nAdditional asset types can be found here - https://redlock.atlassian.net/browse/RLP-57240\nThis value will be identical to resource api id in case of Unified Alerts", + "enum": [ + [ + "15", + "16", + "39", + "45", + "65", + "5051", + "5070", + "7075", + "7077", + "10523", + "10524", + "10562", + "15000", + "20019", + "20028", + "20042", + "20051", + "20125", + "20126", + "20127", + "20155", + "25001", + "30012", + "30013", + "30014", + "30015", + "30016", + "30018", + "30020" + ] + ], + "type": "integer" + }, + "prisma.CloudType": { + "description": "CloudType is the prisma cloud type of the resource that is used for policy verdict creation\nCloud type values are documented here - https://docs.google.com/spreadsheets/d/1ZRlPl2IdEX22-7pSnqxeJGwwS0jyUbJJ16IkuPoiHMU", + "enum": [ + [ + "1", + "2", + "3", + "4", + "5", + "6" + ] + ], + "type": "integer" + }, + "prisma.IntegrationConfig": { + "description": "IntegrationConfig holds the additional configuration data for each integration", + "properties": { + "accountId": { + "description": "SecurityHubAccountID is the AWS account ID.\n", + "type": "string" + }, + "regions": { + "description": "SecurityHubIntegrationRegions holds AWS account available regions.\n", + "items": { + "$ref": "#/components/schemas/prisma.SecurityHubIntegrationRegions" + }, + "type": "array" + }, + "tables": { + "description": "ServiceNowIntegrationConfig holds ServiceNow tables info.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "prisma.SecurityHubIntegrationRegions": { + "description": "SecurityHubIntegrationRegions holds AWS Security Hub regions info", + "properties": { + "apiIdentifier": { + "description": "APIIdentifier represents the AWS region.\n", + "type": "string" + }, + "name": { + "description": "Name is the region name.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.ServiceProvider": { + "description": "ServiceProvider represents service provider id or \"other\" in case it is non cloud.", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci", + "other" + ] + ], + "type": "string" + }, + "rbac.PermName": { + "description": "PermName is a name of permission to a single resource type", + "enum": [ + [ + "radarsContainers", + "radarsHosts", + "radarsServerless", + "radarsCloud", + "policyContainers", + "policyHosts", + "policyServerless", + "policyCloud", + "policyComplianceCustomRules", + "policyRuntimeContainer", + "policyRuntimeHosts", + "policyRuntimeServerless", + "policyCustomRules", + "policyWAAS", + "policyCNNF", + "policyAccessSecrets", + "policyAccessKubernetes", + "monitorVuln", + "monitorCompliance", + "monitorImages", + "monitorHosts", + "monitorServerless", + "monitorCloud", + "monitorCI", + "monitorRuntimeContainers", + "monitorRuntimeHosts", + "monitorRuntimeServerless", + "monitorRuntimeIncidents", + "sandbox", + "monitorWAAS", + "monitorCNNF", + "monitorAccessDocker", + "monitorAccessKubernetes", + "systemLogs", + "manageDefenders", + "manageAlerts", + "collections", + "manageCreds", + "authConfiguration", + "userManagement", + "systemOperations", + "privilegedOperations", + "downloads", + "accessUI", + "uIEventSubscriber", + "user", + "none" + ] + ], + "type": "string" + }, + "rbac.Permission": { + "description": "Permission is a named resource permission", + "properties": { + "name": { + "$ref": "#/components/schemas/rbac.PermName" + }, + "readWrite": { + "description": "ReadWrite indicates RW or RO permission.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "rbac.Role": { + "description": "Role represents the role of a given user/group", + "properties": { + "description": { + "description": "Description is the role's description.\n", + "type": "string" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "perms": { + "description": "Perms are the role resource permissions.\n", + "items": { + "$ref": "#/components/schemas/rbac.Permission" + }, + "type": "array" + }, + "system": { + "description": "System indicates predefined immutable system role.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.AntiMalwareRule": { + "description": "AntiMalwareRule represents restrictions/suppression for suspected anti-malware", + "properties": { + "allowedProcesses": { + "description": "AllowedProcesses contains paths of files and processes for which we skip anti-malware checks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cryptoMiner": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedProcesses": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "detectCompilerGeneratedBinary": { + "description": "DetectCompilerGeneratedBinary represents what happens when a compiler service writes a binary.\n", + "type": "boolean" + }, + "encryptedBinaries": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "executionFlowHijack": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "serviceUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipSSHTracking": { + "description": "SkipSSHTracking indicates whether host SSH tracking should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "tempFSProc": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "userUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "webShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.App": { + "description": "App represents the applications runtime data", + "properties": { + "listeningPorts": { + "description": "ListeningPorts represents the applications listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileListeningPort" + }, + "type": "array" + }, + "name": { + "description": "Name is the app name.\n", + "type": "string" + }, + "outgoingPorts": { + "description": "OutgoingPorts represents the applications outgoing ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileOutgoingPort" + }, + "type": "array" + }, + "processes": { + "description": "Processes is a list of the app's descendant processes.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "startupProcess": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicy": { + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicyRule": { + "description": "AppEmbeddedPolicyRule represents a single rule in the app embedded runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.AppListeningPorts": { + "description": "AppListeningPorts is an association of an app and list of listening ports", + "properties": { + "app": { + "description": "App is the name of the app.\n", + "type": "string" + }, + "portsData": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ContainerCapabilities": { + "description": "ContainerCapabilities are a set of static capabilities for a given container", + "properties": { + "ci": { + "description": "CI indicates the container allowed to write binaries to disk and run them.\n", + "type": "boolean" + }, + "cloudMetadata": { + "description": "CloudMetadata indicates the given container can query cloud metadata api.\n", + "type": "boolean" + }, + "dnsCache": { + "description": "DNSCache are DNS services that are used by all the pods in the cluster.\n", + "type": "boolean" + }, + "dynamicDNSQuery": { + "description": "DynamicDNSQuery indicates capped behavioral dns queries.\n", + "type": "boolean" + }, + "dynamicFileCreation": { + "description": "DynamicFileCreation indicates capped behavioral filesystem paths.\n", + "type": "boolean" + }, + "dynamicProcessCreation": { + "description": "DynamicProcessCreation indicates capped behavioral processes.\n", + "type": "boolean" + }, + "k8s": { + "description": "Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).\n", + "type": "boolean" + }, + "proxy": { + "description": "Proxy indicates the container can listen on any port and perform multiple outbound connection.\n", + "type": "boolean" + }, + "pullImage": { + "description": "PullImage indicates that the container is allowed pull images (might include files with high entropy).\n", + "type": "boolean" + }, + "sshd": { + "description": "Sshd indicates whether the container can run sshd process.\n", + "type": "boolean" + }, + "unpacker": { + "description": "Unpacker indicates the container is allowed to write shared libraries to disk.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.ContainerDNSRule": { + "description": "ContainerDNSRule is the DNS runtime rule for container", + "properties": { + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the DNS rule.\n", + "type": "boolean" + }, + "domainList": { + "$ref": "#/components/schemas/runtime.DNSListRule" + } + }, + "type": "object" + }, + "runtime.ContainerFilesystemRule": { + "description": "ContainerFilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "backdoorFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the filesystem rule.\n", + "type": "boolean" + }, + "encryptedBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "newFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suspiciousELFHeadersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerNetworkRule": { + "description": "ContainerNetworkRule represents the restrictions/suppression for networking", + "properties": { + "allowedIPs": { + "description": "AllowedIPs the allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedIPs": { + "description": "DeniedIPs the deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedIPsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the network rule.\n", + "type": "boolean" + }, + "listeningPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "modifiedProcEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "outboundPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "portScanEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "rawSocketsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerPolicy": { + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ContainerPolicyRule": { + "description": "ContainerPolicyRule represents a single rule in the runtime policy", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "cloudMetadataEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.ContainerDNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ContainerFilesystemRule" + }, + "kubernetesEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ContainerNetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ContainerProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProcessesRule": { + "description": "ContainerProcessesRule represents restrictions/suppression for running processes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkParentChild": { + "description": "Indicates whether checking for parent child relationship when comparing spawned processes in the model is enabled.\n", + "type": "boolean" + }, + "cryptoMinersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the processes rule.\n", + "type": "boolean" + }, + "lateralMovementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modifiedProcessEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShellEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suidBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProfileHost": { + "description": "ContainerProfileHost represents a host that runs a container with a specific profile ID", + "properties": { + "agentless": { + "description": "Agentless indicates if the host was scanned by agentless.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the name of the host.\n", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID that matches the container running in the host.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSListRule": { + "description": "DNSListRule represents an explicitly allowed/denied domains list rule", + "properties": { + "allowed": { + "description": "Allowed the allow-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.DNSQuery": { + "description": "DNSQuery is the data of a DNS query", + "properties": { + "domainName": { + "description": "DomainName is the queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the queried domain type.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSRule": { + "description": "DNSRule is the DNS runtime rule", + "properties": { + "blacklist": { + "description": "List of deny-listed domain names (e.g., www.bad-url.com, *.bad-url.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelist": { + "description": "List of allow-listed domain names (e.g., *.gmail.com, *.s3.*.amazon.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.DenyListRule": { + "description": "DenyListRule represents a rule containing paths of files and processes to alert/prevent and the required effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "paths": { + "description": "Paths are the paths to alert/prevent when an event with one of the paths is triggered.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.FSFileType": { + "description": "FSFileType represents the file type", + "type": "integer" + }, + "runtime.FileIntegrityRule": { + "description": "FileIntegrityRule represents a single file integrity monitoring rule", + "properties": { + "dir": { + "description": "Dir indicates that the path is a directory.\n", + "type": "boolean" + }, + "exclusions": { + "description": "Exclusions are filenames that should be ignored while generating audits\nThese filenames may contain a wildcard regex pattern, e.g. foo*.log, *.cache.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "metadata": { + "description": "Metadata indicates that metadata changes should be monitored (e.g. chmod, chown).\n", + "type": "boolean" + }, + "path": { + "description": "Path is the path to monitor.\n", + "type": "string" + }, + "procWhitelist": { + "description": "ProcWhitelist are the processes to ignore\nFilesystem events caused by these processes DO NOT generate file integrity events.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "read": { + "description": "Read indicates that reads operations should be monitored.\n", + "type": "boolean" + }, + "recursive": { + "description": "Recursive indicates that monitoring should be recursive.\n", + "type": "boolean" + }, + "write": { + "description": "Write indicates that write operations should be monitored.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.FilesystemRule": { + "description": "FilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "backdoorFiles": { + "description": "Monitors files that can create and/or persist backdoors (currently SSH and admin account config files) (true).\n", + "type": "boolean" + }, + "blacklist": { + "description": "List of denied file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkNewFiles": { + "description": "Detects changes to binaries and certificates (true).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipEncryptedBinaries": { + "description": "Indicates that encrypted binaries check should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "description": "Indicates whether malware detection based on suspicious ELF headers is enabled.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.GeoIP": { + "description": "GeoIP represents an ip address with it's origin country code", + "properties": { + "code": { + "description": "Code is the country iso code.\n", + "type": "string" + }, + "ip": { + "description": "IP is the ip address.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last modified time of this entry.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostDNSRule": { + "description": "HostDNSRule represents a host DNS runtime rule", + "properties": { + "allow": { + "description": "Allow is a list of user-defined domains to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deny": { + "description": "Deny is a list of user-defined domains to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostNetworkRule": { + "description": "HostNetworkRule represents the restrictions/suppression for host networking", + "properties": { + "allowedOutboundIPs": { + "description": "AllowedOutboundIPs is a list of IPs to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedListeningPorts": { + "description": "DeniedListeningPorts is a list of listening ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "deniedOutboundIPs": { + "description": "DeniedOutboundIPs is a list of outbound IPs to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedOutboundPorts": { + "description": "DeniedOutboundPorts is a list of outbound ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostPolicy": { + "description": "HostPolicy represents a host runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "ID is the host runtime policy internal id.\n", + "type": "string" + }, + "owner": { + "description": "Owner is the host runtime policy owner.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of host runtime rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.HostPolicyRule": { + "description": "HostPolicyRule represents a single rule in the runtime policy", + "properties": { + "antiMalware": { + "$ref": "#/components/schemas/runtime.AntiMalwareRule" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "CustomRules is a list of custom rules associated with the container runtime policy.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.HostDNSRule" + }, + "fileIntegrityRules": { + "description": "FileIntegrityRules are the file integrity monitoring rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.FileIntegrityRule" + }, + "type": "array" + }, + "forensic": { + "$ref": "#/components/schemas/common.HostForensicSettings" + }, + "logInspectionRules": { + "description": "LogInspectionRules is a list of log inspection rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.LogInspectionRule" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.HostNetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfile": { + "description": "HostProfile represents a host runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID (hostname).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID associated with the profile.\n", + "type": "string" + }, + "apps": { + "description": "Apps are the host's apps metadata.\n", + "items": { + "$ref": "#/components/schemas/runtime.App" + }, + "type": "array" + }, + "collections": { + "description": "Collections is a list of collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sshEvents": { + "description": "SSHEvents represents a list SSH events occurred on the host.\n", + "items": { + "$ref": "#/components/schemas/runtime.SSHEvent" + }, + "type": "array" + }, + "time": { + "description": "Time is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileListeningPort": { + "description": "HostProfileListeningPort holds a metadata on listening port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileOutgoingPort": { + "description": "HostProfileOutgoingPort holds a metadata on outgoing port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "country": { + "description": "Country is the country ISO code for the given IP address.\n", + "type": "string" + }, + "ip": { + "description": "IP is the IP address captured over this port.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.LogInspectionRule": { + "description": "LogInspectionRule represents a single log inspection rule", + "properties": { + "path": { + "description": "Path is the log path.\n", + "type": "string" + }, + "regex": { + "description": "Regex are the regular expressions associated with the rule if it is a custom one.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.NetworkRule": { + "description": "NetworkRule represents the restrictions/suppression for networking", + "properties": { + "blacklistIPs": { + "description": "Deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blacklistListeningPorts": { + "description": "Deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "blacklistOutboundPorts": { + "description": "Deny-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelistIPs": { + "description": "Allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "whitelistListeningPorts": { + "description": "Allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "whitelistOutboundPorts": { + "description": "Allow-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.PortListRule": { + "description": "PortListRule represents a rule containing ports to allowed/denied and the required effect", + "properties": { + "allowed": { + "description": "Allowed the allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ProcessesRule": { + "description": "ProcessesRule represents restrictions/suppression for running processes", + "properties": { + "blacklist": { + "description": "List of processes to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockAllBinaries": { + "description": "Indicates that all processes are blocked except the main process.\n", + "type": "boolean" + }, + "checkCryptoMiners": { + "description": "Detect crypto miners.\n", + "type": "boolean" + }, + "checkLateralMovement": { + "description": "Indicates whether dectection of processes that can be used for lateral movement exploits is enabled.\n", + "type": "boolean" + }, + "checkNewBinaries": { + "description": "Indicates whether binaries which do not belong to the original image are allowed to run.\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipModified": { + "description": "Indicates whether to trigger audits/incidents when a modified proc is spawned.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystem": { + "description": "ProfileFilesystem defines the filesystem features profile", + "properties": { + "behavioral": { + "description": "Behavioral is filesystem data learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + }, + "static": { + "description": "Static is filesystem data learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystemPath": { + "description": "ProfileFilesystemPath represents the filesystem static data", + "properties": { + "mount": { + "description": "Mount indicates whether the given folder is a mount.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "description": "Process is the process that accessed the file.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the file was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetwork": { + "description": "ProfileNetwork represents networking data that is learned", + "properties": { + "behavioral": { + "$ref": "#/components/schemas/runtime.ProfileNetworkBehavioral" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "static": { + "$ref": "#/components/schemas/runtime.ProfileNetworkStatic" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkBehavioral": { + "description": "ProfileNetworkBehavioral represents the behavioral data learned for networking", + "properties": { + "dnsQueries": { + "description": "DNSQueries is the learned DNS queries.\n", + "items": { + "$ref": "#/components/schemas/runtime.DNSQuery" + }, + "type": "array" + }, + "listeningPorts": { + "description": "Listening is the learned listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkGeoIP": { + "description": "ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile", + "properties": { + "countries": { + "description": "Countries is a list of ip addresses with their corresponding country codes.\n", + "items": { + "$ref": "#/components/schemas/runtime.GeoIP" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last modified time of the cache.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkStatic": { + "description": "ProfileNetworkStatic represent the static section of the networking profile", + "properties": { + "listeningPorts": { + "description": "Listening are the listening ports learned by static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileProcess": { + "description": "ProfileProcess represents a single process data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileProcesses": { + "description": "ProfileProcesses represents the process data that is learned for a specific image", + "properties": { + "behavioral": { + "description": "Behavioral are process details learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "static": { + "description": "Static are process details learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.RuleEffect": { + "description": "RuleEffect is the effect that will be used in the runtime rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "disable" + ] + ], + "type": "string" + }, + "runtime.SSHEvent": { + "description": "SSHEvent represents an SSH event data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "country": { + "description": "Country represents the SSH client's origin country.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "ip": { + "description": "IP address represents the connection client IP address.\n", + "type": "integer" + }, + "loginTime": { + "description": "LoginTime represents the SSH login time.\n", + "format": "int64", + "type": "integer" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.SecretScrubbingSpec": { + "description": "SecretScrubbingSpec defined a single runtime secret scrubbing specification", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pattern": { + "description": "Pattern is the regex pattern to mask sensitive data.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicy": { + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicyRule": { + "description": "ServerlessPolicyRule represents a single rule in the serverless runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cloudMetadataEnforcement": { + "description": "Catches containers that access the cloud provider metadata API.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "kubernetesEnforcement": { + "description": "Detects containers that attempt to compromise the orchestrator.\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "sandbox.ConnectionEvent": { + "description": "ConnectionEvent represents a network connection event", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "protocol": { + "description": "Protocol is the transport layer protocol (UDP / TCP).\n", + "type": "string" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.DNSQueryEvent": { + "description": "DNSQueryEvent represents a DNS query event with it's connection details", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the domain name for a DNS query.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the domain type for a DNS query.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Event": { + "description": "Event is a single event in a chain that lead to finding detection", + "properties": { + "description": { + "description": "Description describes what happened in the event.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of event detection.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.FilesystemAccessType": { + "description": "FilesystemAccessType represents a type of accessing a file", + "enum": [ + [ + "open", + "modify", + "create" + ] + ], + "type": "string" + }, + "sandbox.FilesystemEvent": { + "description": "FilesystemEvent represents a filesystem event during sandbox scan", + "properties": { + "accessType": { + "$ref": "#/components/schemas/sandbox.FilesystemAccessType" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Finding": { + "description": "Finding represents a finding detected during sandbox scan", + "properties": { + "description": { + "description": "Description is the finding description.\n", + "type": "string" + }, + "events": { + "description": "Events are the events that lead to the finding detection.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Event" + }, + "type": "array" + }, + "severity": { + "$ref": "#/components/schemas/sandbox.FindingSeverity" + }, + "time": { + "description": "Time is the detection time (time of triggering event).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/sandbox.FindingType" + } + }, + "type": "object" + }, + "sandbox.FindingSeverity": { + "description": "FindingSeverity represents a finding severity level", + "enum": [ + [ + "critical", + "high", + "medium", + "low" + ] + ], + "type": "string" + }, + "sandbox.FindingType": { + "description": "FindingType represents a unique sandbox-detected finding type", + "enum": [ + [ + "dropper", + "modifiedBinary", + "executableCreation", + "filelessExecutableCreation", + "wildFireMalware", + "verticalPortScan", + "cryptoMiner", + "suspiciousELFHeader", + "kernelModule", + "modifiedBinaryExecution", + "filelessExecution" + ] + ], + "type": "string" + }, + "sandbox.ListeningEvent": { + "description": "ListeningEvent represents a network listening event", + "properties": { + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessEvent": { + "description": "ProcessEvent represents a process event during sandbox scan", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "parent": { + "$ref": "#/components/schemas/sandbox.ProcessInfo" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessInfo": { + "description": "ProcessInfo holds process information", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ScanResult": { + "description": "ScanResult represents sandbox scan results", + "properties": { + "_id": { + "description": "ID is a unique scan identifier.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connection": { + "description": "Connection is a list of connection events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ConnectionEvent" + }, + "type": "array" + }, + "dns": { + "description": "DNS is a list of DNS queries detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.DNSQueryEvent" + }, + "type": "array" + }, + "entrypoint": { + "description": "Entrypoint is the command executed in the sandbox scan.\n", + "type": "string" + }, + "filesystem": { + "description": "Filesystem is a list of filesystem events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.FilesystemEvent" + }, + "type": "array" + }, + "findings": { + "description": "Findings are the detected findings during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Finding" + }, + "type": "array" + }, + "image": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "imageName": { + "description": "ImageName is the image name (e.g. registry/repo:tag).\n", + "type": "string" + }, + "listening": { + "description": "Listening is a list of listening events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ListeningEvent" + }, + "type": "array" + }, + "pass": { + "description": "Pass indicates if the scan passed or failed.\n", + "type": "boolean" + }, + "procs": { + "description": "Procs are the different detected process during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "type": "array" + }, + "riskScore": { + "description": "RiskScore is the weighted total risk score.\n", + "format": "double", + "type": "number" + }, + "scanDuration": { + "description": "ScanDuration is the provided scan duration in nanoseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTime": { + "description": "Start is the scan start time.\n", + "format": "date-time", + "type": "string" + }, + "suspiciousFiles": { + "description": "SuspiciousFiles are suspicious files detected during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.SuspiciousFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "sandbox.SuspiciousFile": { + "description": "SuspiciousFile represents a suspicious file", + "properties": { + "containerPath": { + "description": "ContainerPath is the path of the file in the running container.\n", + "type": "string" + }, + "created": { + "description": "Created indicates if the file was created during runtime.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the file MD5 hash.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to the copy of the file.\n", + "type": "string" + } + }, + "type": "object" + }, + "secrets.SecretScanMetrics": { + "description": "SecretScanMetrics represents metrics collected during secret scan", + "properties": { + "failedScans": { + "description": "FailedScans represents number of failed scans caused by scanner errors.\n", + "format": "int64", + "type": "integer" + }, + "foundSecrets": { + "description": "FoundSecrets represents number of detected secrets.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime represents cumulative secret scan time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTimeouts": { + "description": "ScanTimeouts represents number of failed scans caused by timeout.\n", + "format": "int64", + "type": "integer" + }, + "scannedFileSize": { + "description": "ScannedFileSize represents accumulated size of scanned files.\n", + "format": "int64", + "type": "integer" + }, + "scannedFiles": { + "description": "ScannedFiles represents number of text files scanned for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalBytes": { + "description": "TotalBytes represents accumulated file size.\n", + "format": "int64", + "type": "integer" + }, + "totalFiles": { + "description": "TotalFiles represents number of files read for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalTime": { + "description": "TotalTime represents the total time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "typesCount": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "TypesCount represents distribution of secrets by its type.\n", + "type": "object" + } + }, + "type": "object" + }, + "serverless.ActionResources": { + "description": "ActionResources is a single action resources", + "properties": { + "resources": { + "description": "Resources are the resources granted to the action.\n", + "items": { + "$ref": "#/components/schemas/serverless.Resource" + }, + "type": "array" + }, + "serviceAPI": { + "$ref": "#/components/schemas/serverless.ServiceAPI" + } + }, + "type": "object" + }, + "serverless.AssociatedVersion": { + "description": "AssociatedVersion is a single function version associated with the alias", + "properties": { + "version": { + "description": "Version is the function version.\n", + "type": "string" + }, + "weight": { + "description": "Weight is the possibility that the function will be called when triggering the alias.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Condition": { + "description": "Condition contains limitations on resources, such as a specific prefix", + "properties": { + "conditions": { + "description": "Conditions contain the limitations.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "name": { + "description": "Condition in AWS such as: StringLike, StringNotLike, StringEquals, StringNotEquals, StringEqualsIgnoreCase, StringNotEqualsIgnoreCase, ForAllValues:StringLike,...\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.FunctionInfo": { + "description": "FunctionInfo contains function information collected during function scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "ID of the function.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applicationName": { + "description": "Name of the application with which the function is associated.\n", + "type": "string" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "architecture": { + "description": "Architecture that the function supports.\n", + "type": "string" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudControllerAddress": { + "description": "Address of the TAS cloud controller API.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Indicates status of runtime defense. Covers both manually and automatically deployed function defense.\n", + "type": "boolean" + }, + "defenderLayerARN": { + "description": "Prisma Defender Layer ARN, if it exists.\n", + "type": "string" + }, + "description": { + "description": "User-provided description of the function.\n", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "envvars": { + "description": "Function environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "err": { + "description": "Description of an error that occurred during the scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "functionLayers": { + "description": "Layer ARNs used by this function.\n", + "items": { + "$ref": "#/components/schemas/serverless.LayerInfo" + }, + "type": "array" + }, + "functionTags": { + "description": "Cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "handler": { + "description": "Handler is the function handler.\n", + "type": "string" + }, + "hash": { + "description": "Hash of the function.\n", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname of the scanner.\n", + "type": "string" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "lastModified": { + "description": "Date/time when the function was last modified.\n", + "format": "date-time", + "type": "string" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "memory": { + "description": "Memory size, in MB, configured for the function.\n", + "format": "int64", + "type": "integer" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the function.\n", + "type": "string" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "platform": { + "description": "Platform is the function OS.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "region": { + "description": "Function's region.\n", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "resourceGroupName": { + "description": "Name of the resource group to which the resource belongs (only for Azure).\n", + "type": "string" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "role": { + "description": "AWS execution role.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime environment for the function (e.g., nodejs).\n", + "type": "string" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanTime": { + "description": "Date/time when the scan of the function was performed.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "scannerVersion": { + "description": "Scanner version.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "status": { + "description": "Status of the function (e.g., running).\n", + "type": "string" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "timeout": { + "description": "Function execution time at which the function will be terminated.\n", + "format": "int64", + "type": "integer" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "version": { + "description": "Version of the function.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "serverless.LayerInfo": { + "description": "LayerInfo contains information about a lambda layer", + "properties": { + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "name": { + "description": "Name of the layer.\n", + "type": "string" + }, + "version": { + "description": "Version of the layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Permissions": { + "description": "Permissions contain service function permissions", + "properties": { + "actions": { + "description": "Actions is API actions of the service that the function has access to.\n", + "items": { + "$ref": "#/components/schemas/serverless.ActionResources" + }, + "type": "array" + }, + "service": { + "description": "Service is the service name.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.RadarData": { + "description": "RadarData represent all data relevant to the serverless radar", + "properties": { + "serverlessRadar": { + "description": "ServerlessRadar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/serverless.RadarEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.RadarEntity": { + "description": "RadarEntity is the extended serverless radar entity", + "properties": { + "_id": { + "description": "ID is unique identifier of the function (for AWS - ARN).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "alias": { + "description": "Alias states that the current entity is an alias of the function.\n", + "type": "boolean" + }, + "applicationName": { + "description": "ApplicationName is the name of the application the function is associated with.\n", + "type": "string" + }, + "associatedVersions": { + "description": "AssociatedVersions contain the alias associated versions, or empty if the entity isn't an alias.\n", + "items": { + "$ref": "#/components/schemas/serverless.AssociatedVersion" + }, + "type": "array" + }, + "collections": { + "description": "Collections are the matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended denotes weather the function is defended by a serverless defender.\n", + "type": "boolean" + }, + "description": { + "description": "Description is the user provided description of the function.\n", + "type": "string" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the function.\n", + "type": "string" + }, + "networkCount": { + "description": "NetworkCount contain the runtime network events count.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the function permissions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "permissionsBoundary": { + "description": "PermissionsBoundary are limitations of the permissions, acting as AND.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "processesCount": { + "description": "ProcessesCount contain the runtime processes events count.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "scanned": { + "description": "Scanned indicates if the function was scanned for vulnerabilities and compliance.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags are the cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "triggers": { + "description": "Triggers contain invocation paths for functions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Triggers" + }, + "type": "array" + }, + "version": { + "description": "Version is the version of the function, or the alias name if it's an alias.\n", + "type": "string" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "serverless.RadarFilter": { + "description": "RadarFilter contains filter options for serverless radar entities", + "properties": { + "accountIDs": { + "description": "AccountIDs are cloud provider account IDs with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentials": { + "description": "Credentials are cloud provider credential ID's with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "regions": { + "description": "Regions are cloud provider regions with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.Resource": { + "description": "Resource is a single action resources", + "properties": { + "allow": { + "description": "Allow states if the resource is allowed or denied.\n", + "type": "boolean" + }, + "condition": { + "description": "Conditions contain limitations on resources, such as a specific prefix.\n", + "items": { + "$ref": "#/components/schemas/serverless.Condition" + }, + "type": "array" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates that the policy apply to all except the given resource.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "serverless.ServiceAPI": { + "description": "ServiceAPI describes a service API", + "properties": { + "api": { + "description": "API is the service API.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates the policy apply to all APIs except the given API.\n", + "type": "boolean" + }, + "service": { + "description": "Service is the AWS service.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Trigger": { + "description": "Trigger contains function triggers", + "properties": { + "properties": { + "description": "Properties are the trigger properties. There may be multiple values per key, for example AWS S3 event types: ObjectCreatedByPost, ObjectCreatedByCopy, ObjectCreatedByPut.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "sourceID": { + "description": "SourceID is the id of the service instance that caused the trigger. For example AWS S3 bucket ARN, AWS apigateway ARN, etc.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Triggers": { + "description": "Triggers contain a service function triggers", + "properties": { + "service": { + "description": "Service is the service name.\n", + "type": "string" + }, + "triggers": { + "description": "Triggers are the function invocation paths from the service.\n", + "items": { + "$ref": "#/components/schemas/serverless.Trigger" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.AISOperationType": { + "description": "AISOperationType represents a scan operation type", + "enum": [ + [ + "discovery", + "create-snapshot", + "deploy-scanner", + "cleanup" + ] + ], + "type": "string" + }, + "shared.ActivityType": { + "description": "ActivityType is the type of user activity", + "enum": [ + [ + "app restart", + "app install", + "app modified", + "cron modified", + "system update", + "system reboot", + "source modified", + "source added", + "iptables changed", + "secret modified", + "login", + "sudo", + "accounts modified", + "sensitive files modified", + "docker" + ] + ], + "type": "string" + }, + "shared.AgentlessAccountScanStatus": { + "description": "AgentlessAccountScanStatus represents agentless cloud account scan status", + "type": "integer" + }, + "shared.AgentlessAccountState": { + "description": "AgentlessAccountState holds the information about the agentless account state", + "properties": { + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "regions": { + "description": "Regions is an array of regions scanned in account.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessRegionState" + }, + "type": "array" + }, + "scanStatus": { + "$ref": "#/components/schemas/shared.AgentlessAccountScanStatus" + } + }, + "type": "object" + }, + "shared.AgentlessHostTag": { + "description": "AgentlessHostTag is the tag to be checked on a discovered host", + "properties": { + "key": { + "description": "Key is the tag key.\n", + "type": "string" + }, + "value": { + "description": "Value is the tag value.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessRegionState": { + "description": "AgentlessRegionState holds information about the statuses scans in a region", + "properties": { + "availabilityDomain": { + "description": "AvailabilityDomain is the code name of OCI availabilityDomain.\n", + "type": "string" + }, + "errorsInfo": { + "description": "ErrorsInfo holds information about the errors that occured during in region scan.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanErrorInfo" + }, + "type": "array" + }, + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Region is the code name of the region.\n", + "type": "string" + }, + "scanCoverage": { + "$ref": "#/components/schemas/shared.AgentlessScanHostCoverage" + }, + "scanID": { + "description": "ScanID is the id of scan cycle the region was last scanned in.\n", + "type": "integer" + }, + "score": { + "description": "Score is an aggregated score of the errors in the region.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanHostCoverage": { + "description": "AgentlessScanHostCoverage contains the scan coverage stats", + "properties": { + "excluded": { + "description": "Excluded is the number of hosts that were excluded from the scan.\n", + "type": "integer" + }, + "issued": { + "description": "Issued is the number of hosts that are failed to scanned.\n", + "type": "integer" + }, + "pending": { + "description": "Pending is the number of hosts that are pending ais scan.\n", + "type": "integer" + }, + "successful": { + "description": "Successful is the number of hosts that were successfully scanned.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of hosts that are unsupported.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanSpecification": { + "description": "AgentlessScanSpecification contains information for setting up an agentless scan for a group of accounts", + "properties": { + "autoScale": { + "description": "AutoScale indicates that the number of concurrent scanners should be selected automatically.\n", + "type": "boolean" + }, + "cloudScan": { + "description": "CloudScan indicates whether the account is being scanned with prisma.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is a network-accessible address that scanners can use to publish scan results to Console.\n", + "type": "string" + }, + "customTags": { + "description": "CustomTags are optional tags that can be added to the resources created by the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether agentless scanning is enabled.\n", + "type": "boolean" + }, + "excludedTags": { + "description": "ExcludedTags are the tags used to exclude instances from the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "hubAccount": { + "description": "HubAccount indicates whether the account is configured as a hub account.\n", + "type": "boolean" + }, + "hubCredentialID": { + "description": "HubCredentialID is the ID of the credentials in the credentials store to use for authenticating with the cloud provider on behalf of the scan hub account. Optional.\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags are tags that are used to filter hosts to scan. If set, only hosts that have one or more of these tags are scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "ociCompartment": { + "description": "OCICompartment is the resource group that holds all scan related resources for OCI.\n", + "type": "string" + }, + "ociExcludedCompartments": { + "description": "OCIExcludedCompartments are the compartments excluded from scan (OCI).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ociVcn": { + "description": "OCIVcn is the Virtual Cloud Network to use for the instance launched for scanning. Default value is empty string, which represents the default VCN.\n", + "type": "string" + }, + "proxyAddress": { + "description": "ProxyAddress is the optional HTTP proxy address for a setup that includes a proxy server.\n", + "type": "string" + }, + "proxyCA": { + "description": "ProxyCA is the optional proxy CA certificate for a setup that includes a TLS proxy.\n", + "type": "string" + }, + "regions": { + "description": "Regions are the cloud provider regions applicable for the scan. Default is all.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanNonRunning": { + "description": "ScanNonRunning indicates whether to scan non running instances.\n", + "type": "boolean" + }, + "scanners": { + "description": "Scanners is the number of concurrent scanners to perform the scan (when auto-scale is off).\n", + "type": "integer" + }, + "securityGroup": { + "description": "SecurityGroup is the security group that scanners should use (for isolation and internet access). Default is empty value to use the cloud account default security group.\n", + "type": "string" + }, + "skipPermissionsCheck": { + "description": "SkipPermissionsCheck indicates whether permissions check should be skipped for the account. This allows users to attempt scanning when permissions check fails.\n", + "type": "boolean" + }, + "subnet": { + "description": "Subnet is the network subnet to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the default VPC.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AlertThreshold": { + "description": "AlertThreshold is the vulnerability policy alert threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "disabled": { + "description": "Suppresses alerts for all vulnerabilities (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.AllowedCVE": { + "description": "AllowedCVE is a CVE to ignore across the product", + "properties": { + "cve": { + "description": "CVE is the CVE to allow.\n", + "type": "string" + }, + "description": { + "description": "Description is the description of why this CVE is allowed.\n", + "type": "string" + }, + "expiration": { + "description": "Expiration is the expiration date for the allowed CVE.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppEmbeddedEmbedRequest": { + "description": "AppEmbeddedEmbedRequest represents the arguments required for a AppEmbedded defender embed request", + "properties": { + "appID": { + "description": "AppID identifies the app that the embedded app defender defender is protecting.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address.\n", + "type": "string" + }, + "dataFolder": { + "description": "DataFolder is the path to the Twistlock data folder in the container.\n", + "type": "string" + }, + "dockerfile": { + "description": "Dockerfile is the Dockerfile to embed AppEmbedded defender into.\n", + "type": "string" + }, + "filesystemMonitoring": { + "description": "FilesystemMonitoring is the flag of filesystem monitoring for this Defender.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.AppEmbeddedRuntimeProfile": { + "description": "AppEmbeddedRuntimeProfile represents the app embedded runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the app embedded defender name.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the ECS Fargate cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "container": { + "description": "Container is the app embedded container name.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image ID.\n", + "type": "string" + }, + "startTime": { + "description": "StartTime is the time when the defender starts.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppFirewallAudit": { + "description": "AppFirewallAudit represents a firewall audit event", + "properties": { + "_id": { + "description": "ID is internal id representation.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "additionalHash": { + "description": "AdditionalHash for internal use only. This parameter is used to add an additional level of uniqueness to the audit.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the application ID.\n", + "type": "string" + }, + "attackField": { + "$ref": "#/components/schemas/waas.HTTPField" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cloudProviderName": { + "$ref": "#/components/schemas/prisma.ServiceProvider" + }, + "cluster": { + "description": "Cluster is the cluster on which the audit was originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connectingIPs": { + "description": "ConnectingIPs are the requests connecting IPs such as proxy and load-balancer.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerId": { + "description": "ContainerID is the firewall container ID.\n", + "type": "string" + }, + "containerName": { + "description": "ContainerName is the firewall container name.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "country": { + "description": "Country is the source IP country.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "eventID": { + "description": "EventID is the event identifier of the audit relevant request.\n", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "fqdn": { + "description": "FQDN is the current hostname's FQDN.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "FunctionID is the id of the function called.\n", + "type": "string" + }, + "host": { + "description": "Host indicates this audit is either for host firewall or out of band firewall or agentless firewall.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the firewall image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the firewall image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the container.\n", + "type": "object" + }, + "method": { + "description": "HTTPMethod is the request HTTP method.\n", + "type": "string" + }, + "modelPath": { + "description": "ModelPath for internal use only. This parameter is a correlated path for the mapped API Model.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ns": { + "description": "Namespaces are the k8s namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "owaspAPITop10": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "owaspTop10": { + "$ref": "#/components/schemas/waas.OWASPTop10" + }, + "prismaAccountID": { + "description": "PrismaAccountID is the Prisma format account ID.\n", + "type": "string" + }, + "prismaCloudProvider": { + "$ref": "#/components/schemas/prisma.CloudType" + }, + "prismaRegion": { + "description": "PrismaRegion is the Prisma format cloud region.\n", + "type": "string" + }, + "profileId": { + "description": "ProfileID is the profile of the audit.\n", + "type": "string" + }, + "protection": { + "$ref": "#/components/schemas/waas.Protection" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "RawEvent contains unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region is the name of the region in which the serverless function is located.\n", + "type": "string" + }, + "requestHeaderNames": { + "description": "RequestHeaderNames are the request header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestHeaders": { + "description": "RequestHeaders represent the request headers.\n", + "type": "string" + }, + "requestHost": { + "description": "RequestHost is the request host.\n", + "type": "string" + }, + "requestID": { + "description": "RequestID is lambda function invocation request id.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "responseHeaderNames": { + "description": "ResponseHeaderNames are the response header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ruleAppID": { + "description": "RuleAppID is the ID of the rule's app that was applied.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule that was applied.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "statusCode": { + "description": "StatusCode is the response status code.\n", + "type": "integer" + }, + "subnet": { + "description": "Subnet is the source IP subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + }, + "url": { + "description": "URL is the requests full URL (partial on server side - path and query only).\n", + "type": "string" + }, + "urlPath": { + "description": "URLPath is the requests url path.\n", + "type": "string" + }, + "urlQuery": { + "description": "URLQuery is the requests url query.\n", + "type": "string" + }, + "userAgentHeader": { + "description": "UserAgentHeader is the requests User-Agent header.\n", + "type": "string" + }, + "version": { + "description": "Version is the defender version.\n", + "type": "string" + }, + "workloadAssetType": { + "$ref": "#/components/schemas/prisma.AssetType" + }, + "workloadExternalResourceID": { + "description": "WorkloadExternalResourceID is the workload external resource ID (Asset External ID).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Audit": { + "description": "Audit represents an event in the system", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID where the audit was created.\n", + "type": "string" + }, + "allow": { + "description": "Allow indicates whether the command was allowe or denied.\n", + "type": "boolean" + }, + "api": { + "description": "API is the api that is being audited.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerName": { + "description": "ContainerName is the name of the container.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name from which the audit originated.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname from which the audit originated.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the labels associated with the target audit (for containers/images).\n", + "type": "object" + }, + "msg": { + "description": "Msg is the message explaining the audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the container namespace.\n", + "type": "string" + }, + "ruleName": { + "description": "RulesName is contains the name of the rule that was applied, when blocked.\n", + "type": "string" + }, + "sourceIP": { + "description": "SourceIP is the remote agent's source IP.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "description": "Type is the audit type.\n", + "type": "string" + }, + "user": { + "description": "User is the user that run the command.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BackupSpec": { + "description": "BackupSpec is the backup specification", + "properties": { + "id": { + "description": "ID is the full backup file name, used as the instance id in API calls.\n", + "type": "string" + }, + "name": { + "description": "Name is the backup name.\n", + "type": "string" + }, + "release": { + "description": "Release is the backup release.\n", + "type": "string" + }, + "time": { + "description": "Time is the backup creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Binary": { + "description": "Binary represents a detected binary file (ELF)", + "properties": { + "altered": { + "description": "Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).\n", + "type": "boolean" + }, + "cveCount": { + "description": "Total number of CVEs for this specific binary.\n", + "type": "integer" + }, + "deps": { + "description": "Third-party package files which are used by the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "fileMode": { + "description": "Represents the file's mode and permission bits.\n", + "type": "integer" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "md5": { + "description": "Md5 hashset of the binary.\n", + "type": "string" + }, + "missingPkg": { + "description": "Indicates if this binary is not related to any package (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the binary.\n", + "type": "string" + }, + "pkgRootDir": { + "description": "Path for searching packages used by the binary.\n", + "type": "string" + }, + "services": { + "description": "Names of services which use the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Version of the binary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BlockThreshold": { + "description": "BlockThreshold is the vulnerability policy block threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enables blocking (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CLIScanResult": { + "description": "CLIScanResult describes a CLI scan result", + "properties": { + "_id": { + "description": "ID of the scan result.\n", + "type": "string" + }, + "build": { + "description": "CI build.\n", + "type": "string" + }, + "complianceFailureSummary": { + "description": "Scan compliance failure summary.\n", + "type": "string" + }, + "entityInfo": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "pass": { + "description": "Indicates if the scan passed (true) or failed (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the scan.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Scanner version.\n", + "type": "string" + }, + "vulnFailureSummary": { + "description": "Scan vulnerability failure summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CVEAllowList": { + "description": "CVEAllowList is a collection of allowed CVE's", + "properties": { + "_id": { + "description": "ID is the id of the feed.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of allowed CVEs.\n", + "items": { + "$ref": "#/components/schemas/shared.AllowedCVE" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CVERule": { + "description": "CVERule is a vuln rule for specific vulnerability", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "id": { + "description": "CVE ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryAccount": { + "description": "CloudDiscoveryAccount holds data about a discovered account", + "properties": { + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryEntity": { + "description": "CloudDiscoveryEntity holds data about a discovered entity", + "properties": { + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "activeServicesCount": { + "description": "ActiveServicesCount is the number of active services in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the entity.\n", + "type": "string" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerGroup": { + "description": "ContainerGroup is the azure aci container group the container belongs to.\n", + "type": "string" + }, + "createdAt": { + "description": "CreatedAt is the time when the entity was created.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Defended indicates if the entity is defended.\n", + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints are the cluster endpoints.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "image": { + "description": "Image is the image of an aci container.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the entity.\n", + "type": "string" + }, + "nodesCount": { + "description": "NodesCount is the number of nodes in the cluster (aks, gke).\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "resourceGroup": { + "description": "ResourceGroup is the the azure resource group containing the entity.\n", + "type": "string" + }, + "runningTasksCount": { + "description": "RunningTasksCount is the number of running tasks in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "status": { + "description": "Status is the current status of entity.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version is the version of the entity.\n", + "type": "string" + }, + "zone": { + "description": "Zone is the GCP zone that was scanned.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryRadar": { + "description": "CloudDiscoveryRadar represents a cloud radar", + "properties": { + "accounts": { + "description": "Accounts is the number of accounts.\n", + "type": "integer" + }, + "agentlessDisabledAccounts": { + "description": "AgentlessDisabledAccounts is the number of accounts with agentless is disable.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates whether the region includes app Embedded.\n", + "type": "boolean" + }, + "clusters": { + "description": "Clusters indicates whether the region includes clusters.\n", + "type": "boolean" + }, + "defended": { + "description": "Defended is the number of defended entities.\n", + "type": "integer" + }, + "errCount": { + "description": "ErrCount is the number of errors.\n", + "type": "integer" + }, + "functions": { + "description": "Functions indicates whether the region includes functions.\n", + "type": "boolean" + }, + "nodes": { + "description": "NodesCount is the number of nodes.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registries": { + "description": "Registries indicates whether the region includes registries.\n", + "type": "boolean" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "vms": { + "description": "VMs indicates whether the region includes VMs.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryResult": { + "description": "CloudDiscoveryResult represents a cloud scan result for a specific cloud provider, service and region", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended is the number of defended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "defenseCoverage": { + "description": "DefenseCoverage is the defense coverage percentage (0-100).\n", + "type": "integer" + }, + "err": { + "description": "Err holds any error found during a scan.\n", + "type": "string" + }, + "nodes": { + "description": "Nodes is the number of nodes.\n", + "type": "integer" + }, + "project": { + "description": "Project is the GCP project that was scanned.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "registryTags": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RegistryTags are the registry tags.\n", + "type": "object" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "undefended": { + "description": "Undefended is the number of undefended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "zone": { + "description": "Zone is the zone that was scanned, only relevant to GCP.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudScanRule": { + "description": "CloudScanRule is a rule for discovery/compliance/serverless radar scanning", + "properties": { + "agentlessAccountState": { + "$ref": "#/components/schemas/shared.AgentlessAccountState" + }, + "agentlessScanSpec": { + "$ref": "#/components/schemas/shared.AgentlessScanSpecification" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "complianceCheckIDs": { + "description": "ComplianceCheckIDs are the compliance checks IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted reports whether the account is deleted.\n", + "type": "boolean" + }, + "discoverAllFunctionVersions": { + "description": "DiscoverAllFunctionVersions indicates whether serverless discovery and radar scans should scan all function versions or only latest.\n", + "type": "boolean" + }, + "discoveryEnabled": { + "description": "DiscoveryEnabled indicates whether discovery scan is enabled.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified holds the last modified time (in Compute).\n", + "format": "int64", + "type": "integer" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + }, + "prismaLastModified": { + "description": "PrismaLastModified reports the last time the account was modified by Prisma (unix milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "serverlessRadarCap": { + "description": "ServerlessRadarCap is the maximum number of functions to scan in serverless radar.\n", + "type": "integer" + }, + "serverlessRadarEnabled": { + "description": "ServerlessRadarEnabled indicates whether serverless radar scan is enabled.\n", + "type": "boolean" + }, + "serverlessScanSpec": { + "$ref": "#/components/schemas/shared.ServerlessScanSpecification" + }, + "vmTagsEnabled": { + "description": "VMTagsEnabled indicates whether fetching VM instance tags is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CodeRepoProviderType": { + "description": "CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc", + "enum": [ + [ + "github", + "CI" + ] + ], + "type": "string" + }, + "shared.CompressedLayerTimes": { + "description": "CompressedLayerTimes represent the compressed layer times of the image apps and pkgs", + "properties": { + "appTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/shared.PkgsTimes" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Conditions": { + "description": "Conditions contains rule conditions. Conditions apply only for their respective policy type", + "properties": { + "device": { + "description": "Allowed volume host device (wildcard). If a \"container create\" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.\n", + "type": "string" + }, + "readonly": { + "description": "Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "Block and scan severity-based vulnerabilities conditions.\n", + "items": { + "$ref": "#/components/schemas/vuln.Condition" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Connection": { + "description": "Connection is a radar internet connection", + "properties": { + "port": { + "description": ".\n", + "type": "integer" + }, + "protocol": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerHistoryEvent": { + "description": "ContainerHistoryEvent is a container process event created by interactive user", + "properties": { + "_id": { + "description": "ID is the history event entity.\n", + "type": "string" + }, + "command": { + "description": "Command is the process that was executed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the command was invoked.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerInfo": { + "description": "ContainerInfo contains all information gathered on a specific container", + "properties": { + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "app": { + "description": "App is the app that is hosted in the container.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "ComplianceIssues are all the container compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": ".\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "ComplianceRiskScore is the container's compliance risk score.\n", + "format": "float", + "type": "number" + }, + "externalLabels": { + "description": "ExternalLabels is the external labels e.g., kubernetes namespace labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "id": { + "description": "ID is the container id.\n", + "type": "string" + }, + "image": { + "description": "Image is the canonical image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image id.\n", + "type": "string" + }, + "imageName": { + "description": "The image name as stated in the docker run command.\n", + "type": "string" + }, + "infra": { + "description": "Infra represents any container that belongs to the infrastructure.\n", + "type": "boolean" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "labels": { + "description": "Labels are the container labels (https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the container name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/shared.ContainerNetwork" + }, + "networkSettings": { + "$ref": "#/components/schemas/shared.DockerNetworkInfo" + }, + "processes": { + "description": "Processes are the processes that are running inside the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerProcess" + }, + "type": "array" + }, + "profileID": { + "description": "ProfileID is the container profile id.\n", + "type": "string" + }, + "sizeBytes": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "startTime": { + "description": "StartTime is the starting time of the container.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerNetwork": { + "description": "ContainerNetwork contains details about the container network (ports, IPs, type etc...)", + "properties": { + "ports": { + "description": "Ports are the ports details associated with the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallProfileAudits": { + "description": "ContainerNetworkFirewallProfileAudits represents the container network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallSubtypeAudits": { + "description": "ContainerNetworkFirewallSubtypeAudits represents the container network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the container network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.ContainerAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerPort": { + "description": "ContainerPort represents the state of a port in a given container", + "properties": { + "container": { + "description": "Container is the mapped port inside the container.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host port number.\n", + "type": "integer" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "listening": { + "description": "Listening indicates whether the port is in listening mode.\n", + "type": "boolean" + }, + "nat": { + "description": "NAT indicates the port is exposed using NAT.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.ContainerProcess": { + "description": "ContainerProcess represents a process inside a container", + "properties": { + "name": { + "description": "Name is a process name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRadarIncomingConnection": { + "description": "ContainerRadarIncomingConnection is an incoming connection in the network radar", + "properties": { + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are all the ports used by the sender.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "profileID": { + "description": "ProfileID is the sender's profile ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRuntimeProfile": { + "description": "ContainerRuntimeProfile represents the image runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "accountIDs": { + "description": "AccountIDs are the cloud account IDs associated with the container runtime profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "archived": { + "description": "Archive indicates whether this profile is archived.\n", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/components/schemas/runtime.ContainerCapabilities" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint is the image entrypoint.\n", + "type": "string" + }, + "events": { + "description": "Events are the last historical interactive process events for this profile, they are updated in a designated flow.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerHistoryEvent" + }, + "type": "array" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ProfileFilesystem" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "hostNetwork": { + "description": "HostNetwork whether the instance share the network namespace with the host.\n", + "type": "boolean" + }, + "hostPid": { + "description": "HostPid indicates whether the instance share the pid namespace with the host.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the image name that represents the image.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the profile's image ID.\n", + "type": "string" + }, + "infra": { + "description": "InfraContainer indicates this is an infrastructure container.\n", + "type": "boolean" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored profile.\n", + "type": "boolean" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the profile's label.\n", + "type": "string" + }, + "lastUpdate": { + "description": "Modified is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + }, + "learnedStartup": { + "description": "LearnedStartup indicates that startup events were learned.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ProfileNetwork" + }, + "os": { + "description": "OS is the profile image OS.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProfileProcesses" + }, + "relearningCause": { + "description": "RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after\nbeing activated.\n", + "type": "string" + }, + "remainingLearningDurationSec": { + "description": "RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.\n", + "format": "double", + "type": "number" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "shared.ContainerScanResult": { + "description": "ContainerScanResult contains the result of a scanning a container", + "properties": { + "_id": { + "description": "ID is the container ID.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the result was received by an agentless scanner.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are collections to which this container applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "hostname": { + "description": "Hostname is the hostname on which the container is deployed.\n", + "type": "string" + }, + "info": { + "$ref": "#/components/schemas/shared.ContainerInfo" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates if any runtime rule applies to the container.\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the container scan time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Coordinates": { + "description": "Coordinates represents a region coordinates type", + "properties": { + "latitude": { + "description": "Latitude coordinate.\n", + "format": "float", + "type": "number" + }, + "longitude": { + "description": "Longitude coordinate.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CustomComplianceCheck": { + "description": "CustomComplianceCheck represents a custom compliance check entry", + "properties": { + "_id": { + "description": "ID is the compliance check ID.\n", + "type": "integer" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the custom check script.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the custom check defined severity.\n", + "type": "string" + }, + "title": { + "description": "Title is the custom check title.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomIPFeed": { + "description": "CustomIPFeed represent the custom IP feed", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the custom ip feed.\n", + "type": "string" + }, + "feed": { + "$ref": "#/components/schemas/shared.IPs" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomLabelsSettings": { + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)", + "properties": { + "labels": { + "description": "Labels are the custom labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CustomMalwareFeed": { + "description": "CustomMalwareFeed represent the custom malware", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the feed.\n", + "type": "string" + }, + "feed": { + "description": "Feed is the list of custom malware signatures.\n", + "items": { + "$ref": "#/components/schemas/shared.Malware" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderInstallBundle": { + "description": "DefenderInstallBundle represents the install bundle for the defender", + "properties": { + "installBundle": { + "description": "InstallBundle is the base64 bundle of certificates used to communicate with the console.\n", + "type": "string" + }, + "wsAddress": { + "description": "WSAddress is the websocket address (console ) the TAS defender connects to.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderLicenseDetails": { + "description": "DefenderLicenseDetails represents a single defender license details", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "count": { + "description": "Count is the amount of licensed defenders.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.DockerNetworkInfo": { + "description": "DockerNetworkInfo contains network-related information about a container", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "networks": { + "description": "Networks are the networks the container is connected to.\n", + "items": { + "$ref": "#/components/schemas/shared.NetworkInfo" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the container network binding that are externally mapped.\n", + "items": { + "$ref": "#/components/schemas/shared.Port" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.EncodeServerlessRuleOpts": { + "description": "EncodeServerlessRuleOpts represents the arguments to serverless rule encoding request", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the remote console address.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the function.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "region": { + "description": "Region is the function's cloud provider region.\n", + "type": "string" + }, + "updateIntervalMs": { + "description": "UpdateIntervalMs is the interval between defender policy requests from the console in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.EncodedServerlessRule": { + "description": "EncodedServerlessRule represents a base64-encoded serverless rule", + "properties": { + "data": { + "description": "Data is a base64-encoded serverless runtime rule.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.EntityType": { + "description": "EntityType represents the type of the resource identifier", + "enum": [ + [ + "", + "docker", + "kubernetes", + "tas", + "istio", + "internet" + ] + ], + "type": "string" + }, + "shared.FileDetails": { + "description": "FileDetails contains file details as the file path, hash checksum", + "properties": { + "md5": { + "description": "Hash sum of the file using md5.\n", + "type": "string" + }, + "path": { + "description": "Path of the file.\n", + "type": "string" + }, + "sha1": { + "description": "Hash sum of the file using SHA-1.\n", + "type": "string" + }, + "sha256": { + "description": "Hash sum of the file using SHA256.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEvent": { + "description": "FileIntegrityEvent represents a single file integrity event detected according to the file integrity monitoring rules", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Description is a human readable description of the action performed on the path.\n", + "type": "string" + }, + "eventType": { + "$ref": "#/components/schemas/shared.FileIntegrityEventType" + }, + "fileType": { + "$ref": "#/components/schemas/runtime.FSFileType" + }, + "fqdn": { + "description": "FQDN is the current fully qualified domain name used in audit alerts.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/shared.FileMetadata" + }, + "path": { + "description": "Path is the absolute path of the event.\n", + "type": "string" + }, + "processName": { + "description": "ProcessName is the name of the process initiated the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing file integrity rules.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the user initiated the event.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEventType": { + "description": "FileIntegrityEventType represents the type of the file integrity event", + "enum": [ + [ + "metadata", + "read", + "write" + ] + ], + "type": "string" + }, + "shared.FileMetadata": { + "description": "FileMetadata represents the metadata of a single file/directory", + "properties": { + "gid": { + "description": "GID is the ID of the group that owns the file/directory.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the file/directory permission bits.\n", + "type": "integer" + }, + "uid": { + "description": "UID is the ID of the user that owns the file/directory.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ForensicSettings": { + "description": "ForensicSettings are settings for the forensic data collection", + "properties": { + "appEmbeddedDiskUsageMb": { + "description": "AppEmbeddedDiskUsageMb is the maximum amount of disk space used to\nstore the app embedded historical forensic events.\n", + "type": "integer" + }, + "collectNetworkFirewall": { + "description": "CollectNetworkFirewall indicates whether network firewall collection is enabled.\n", + "type": "boolean" + }, + "collectNetworkSnapshot": { + "description": "CollectNetworkSnapshot indicates whether network snapshot collection is enabled.\n", + "type": "boolean" + }, + "containerDiskUsageMb": { + "description": "ContainerDiskUsageMb is the maximum amount of disk space used to\nstore the container historical forensic events.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether host and container forensic data collection is enabled.\n", + "type": "boolean" + }, + "hostDiskUsageMb": { + "description": "HostDiskUsageMb is the maximum amount of disk space used to store\nthe host historical forensic events.\n", + "type": "integer" + }, + "incidentSnapshotsCap": { + "description": "IncidentSnapshotCap is the maximum amount of incident snapshots we store.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.GitlabRegistrySpec": { + "description": "GitlabRegistrySpec represents a specification for registry scanning in GitLab", + "properties": { + "apiDomainName": { + "description": ".\n", + "type": "string" + }, + "excludedGroupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "groupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "projectIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "userID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.GraceDaysPolicy": { + "description": "GraceDaysPolicy indicates the grace days policy by severity", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled is an indication whether the the grace days by severity is enabled.\n", + "type": "boolean" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostActivity": { + "description": "HostActivity holds information for a user activity", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "affectedServices": { + "description": "AffectedServices is the affected systemd service.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this host activity applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "Command is the original (with arguments) command the user invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname the activity originated from.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates that the target process was spawned in an interactive session.\n", + "type": "boolean" + }, + "modifiedFiles": { + "description": "ModifiedFiles is the related modified files.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "msg": { + "description": "Message contains additional non-structured information about the activity, e.g. throttling message.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule applied to the host activity.\n", + "type": "string" + }, + "service": { + "description": "Service is the owning systemd service.\n", + "type": "string" + }, + "time": { + "description": "Time is time of the activity.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.ActivityType" + }, + "user": { + "description": "Username of the user that triggered the activity.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecification": { + "description": "HostAutoDeploySpecification contains the information for host defender auto-deploy", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "bucketRegion": { + "description": "BucketRegion is the bucket region for Cloud Storage on GCP.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecifications": { + "description": "HostAutoDeploySpecifications is a list of host auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecification" + }, + "type": "array" + }, + "shared.HostInfo": { + "description": "HostInfo is a collection of information about the host and it's runtime state", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallProfileAudits": { + "description": "HostNetworkFirewallProfileAudits represents the host network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallSubtypeAudits": { + "description": "HostNetworkFirewallSubtypeAudits represents the host network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the host network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.HostAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostRadarIncomingConnection": { + "description": "HostRadarIncomingConnection is the incoming connection between two apps in two hosts", + "properties": { + "dstHost": { + "description": "DstHost is the src hostname.\n", + "type": "string" + }, + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHost": { + "description": "SrcHost is the src hostname.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.IPs": { + "description": "IPs represents a list of IPs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "shared.Image": { + "description": "Image represents a container image", + "properties": { + "created": { + "description": "Date/time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Combined entrypoint of the image (entrypoint + CMD).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "env": { + "description": "Image environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "healthcheck": { + "description": "Indicates if health checks are enabled (true) or not (false).\n", + "type": "boolean" + }, + "history": { + "description": "Holds the image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Image labels.\n", + "type": "object" + }, + "layers": { + "description": "Image filesystem layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "Image os type.\n", + "type": "string" + }, + "repoDigest": { + "description": "Image repo digests.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTags": { + "description": "Image repo tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "user": { + "description": "Image user.\n", + "type": "string" + }, + "workingDir": { + "description": "Base working directory of the image.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageHistory": { + "description": "ImageHistory represent a layer in the image's history", + "properties": { + "baseLayer": { + "description": "Indicates if this layer originated from the base image (true) or not (false).\n", + "type": "boolean" + }, + "created": { + "description": "Date/time when the image layer was created.\n", + "format": "int64", + "type": "integer" + }, + "emptyLayer": { + "description": "Indicates if this instruction didn't create a separate layer (true) or not (false).\n", + "type": "boolean" + }, + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "instruction": { + "description": "Docker file instruction and arguments used to create this layer.\n", + "type": "string" + }, + "sizeBytes": { + "description": "Size of the layer (in bytes).\n", + "format": "int64", + "type": "integer" + }, + "tags": { + "description": "Holds the image tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilities": { + "description": "Vulnerabilities which originated from this layer.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHost": { + "description": "ImageHost holds information about image scan result per host", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID the image is associated with.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the image was scanned as part of an agentless scan.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "appEmbedded": { + "description": "AppEmbedded indicates if the host is an app embedded host.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster on which the image is deployed.\n", + "type": "string" + }, + "csa": { + "description": "CSA indicates if the image was scanned by CSA.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified is the last scan time.\n", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces are the namespaces on which the image is deployed.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHosts": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ImageHost" + }, + "description": "ImageHosts is a fast index for image scan results metadata per host", + "type": "object" + }, + "shared.ImageInfo": { + "description": "ImageInfo contains image information collected during image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.ImageInstance": { + "description": "ImageInstance represents an image on a single host", + "properties": { + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repo": { + "description": ".\n", + "type": "string" + }, + "tag": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageScanResult": { + "description": "ImageScanResult holds the result of an image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.ImageTag": { + "description": "ImageTag represents an image repository and its associated tag or registry digest", + "properties": { + "digest": { + "description": "Image digest (requires V2 or later registry).\n", + "type": "string" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "registry": { + "description": "Registry name to which the image belongs.\n", + "type": "string" + }, + "repo": { + "description": "Repository name to which the image belongs.\n", + "type": "string" + }, + "tag": { + "description": "Image tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Incident": { + "description": "Incident represents an incident", + "properties": { + "_id": { + "description": "Internal ID of the incident.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "acknowledged": { + "description": "Indicates if the incident has been acknowledged (true) or not (false).\n", + "type": "boolean" + }, + "app": { + "description": "Application that caused the incident.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "audits": { + "description": "All runtime audits of the incident.\n", + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "cluster": { + "description": "Cluster on which the incident was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this incident applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerID": { + "description": "ID of the container that triggered the incident.\n", + "type": "string" + }, + "containerName": { + "description": "Unique container name.\n", + "type": "string" + }, + "customRuleName": { + "description": "Name of the custom runtime rule that triggered the incident.\n", + "type": "string" + }, + "fqdn": { + "description": "Current hostname's full domain name.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function that triggered the incident.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels associated with the container.\n", + "type": "object" + }, + "namespace": { + "description": "k8s deployment namespace.\n", + "type": "string" + }, + "profileID": { + "description": "Runtime profile ID.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region of the resource on which the incident was found.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource on which the incident was found.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime of the serverless function.\n", + "type": "string" + }, + "serialNum": { + "description": "Serial number of the incident.\n", + "type": "integer" + }, + "shouldCollect": { + "description": "Indicates if this incident should be collected (true) or not (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the incident (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.IncidentType" + }, + "vmID": { + "description": "Azure unique VM ID on which the incident was found.\n", + "type": "string" + }, + "windows": { + "description": "Windows indicates if defender OS type is Windows.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.IncidentCategory": { + "description": "IncidentCategory is the incident category", + "enum": [ + [ + "portScanning", + "hijackedProcess", + "dataExfiltration", + "kubernetes", + "backdoorAdministrativeAccount", + "backdoorSSHAccess", + "cryptoMiner", + "lateralMovement", + "bruteForce", + "customRule", + "alteredBinary", + "suspiciousBinary", + "executionFlowHijackAttempt", + "reverseShell", + "malware", + "cloudProvider" + ] + ], + "type": "string" + }, + "shared.IncidentType": { + "description": "IncidentType is the type of the incident", + "enum": [ + [ + "host", + "container", + "function", + "appEmbedded", + "fargate" + ] + ], + "type": "string" + }, + "shared.InstalledProducts": { + "description": "InstalledProducts contains data regarding products running in environment\nTODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange", + "properties": { + "agentless": { + "description": "Agentless indicates whether the scan was performed with agentless approach.\n", + "type": "boolean" + }, + "apache": { + "description": "Apache indicates the apache server version, empty in case apache not running.\n", + "type": "string" + }, + "awsCloud": { + "description": "AWSCloud indicates whether AWS cloud is used.\n", + "type": "boolean" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "crio": { + "description": "CRI indicates whether the container runtime is CRI (and not docker).\n", + "type": "boolean" + }, + "docker": { + "description": "Docker represents the docker daemon version.\n", + "type": "string" + }, + "dockerEnterprise": { + "description": "DockerEnterprise indicates whether the enterprise version of Docker is installed.\n", + "type": "boolean" + }, + "hasPackageManager": { + "description": "HasPackageManager indicates whether package manager is installed on the OS.\n", + "type": "boolean" + }, + "k8sApiServer": { + "description": "K8sAPIServer indicates whether a kubernetes API server is running.\n", + "type": "boolean" + }, + "k8sControllerManager": { + "description": "K8sControllerManager indicates whether a kubernetes controller manager is running.\n", + "type": "boolean" + }, + "k8sEtcd": { + "description": "K8sEtcd indicates whether etcd is running.\n", + "type": "boolean" + }, + "k8sFederationApiServer": { + "description": "K8sFederationAPIServer indicates whether a federation API server is running.\n", + "type": "boolean" + }, + "k8sFederationControllerManager": { + "description": "K8sFederationControllerManager indicates whether a federation controller manager is running.\n", + "type": "boolean" + }, + "k8sKubelet": { + "description": "K8sKubelet indicates whether kubelet is running.\n", + "type": "boolean" + }, + "k8sProxy": { + "description": "K8sProxy indicates whether a kubernetes proxy is running.\n", + "type": "boolean" + }, + "k8sScheduler": { + "description": "K8sScheduler indicates whether the kubernetes scheduler is running.\n", + "type": "boolean" + }, + "kubernetes": { + "description": "Kubernetes represents the kubernetes version.\n", + "type": "string" + }, + "managedClusterVersion": { + "description": "ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.\n", + "type": "string" + }, + "openshift": { + "description": "Openshift indicates whether openshift is deployed.\n", + "type": "boolean" + }, + "openshiftVersion": { + "description": "OpenshiftVersion represents the running openshift version.\n", + "type": "string" + }, + "osDistro": { + "description": "OSDistro specifies the os distribution.\n", + "type": "string" + }, + "serverless": { + "description": "Serverless indicates whether evaluated on a serverless environment.\n", + "type": "boolean" + }, + "swarmManager": { + "description": "SwarmManager indicates whether a swarm manager is running.\n", + "type": "boolean" + }, + "swarmNode": { + "description": "SwarmNode indicates whether the node is part of an active swarm.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.InternetConnections": { + "description": "InternetConnections represents the radar internet connections", + "properties": { + "incoming": { + "description": "Incoming is the incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + }, + "outgoing": { + "description": "Outgoing is the outgoing connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.JFrogRepoType": { + "description": "JFrogRepoType represents the type of JFrog Artifactory repository", + "enum": [ + [ + "local", + "remote", + "virtual" + ] + ], + "type": "string" + }, + "shared.KeyValues": { + "description": "KeyValues is a generic key values struct", + "properties": { + "key": { + "description": ".\n", + "type": "string" + }, + "values": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeClusterRole": { + "description": "KubeClusterRole is a compact version of Kubernetes ClusterRole\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#clusterrole-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the kubernetes role name.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the policy rules associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubeLabel": { + "description": "KubeLabel represents a label\nThese are stored as an array to allow special characters in key names,\nsee https://docs.mongodb.com/manual/reference/limits/#Restrictions-on-Field-Names\nFor example: kubernetes.io/bootstrapping", + "properties": { + "key": { + "description": "Key is the key of the label.\n", + "type": "string" + }, + "value": { + "description": "Value is the value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubePolicyRule": { + "description": "KubePolicyRule is a compact version of Kubernetes PolicyRule\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#policyrule-v1-rbac-authorization-k8s-io", + "properties": { + "apiGroups": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resourceNames": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resources": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "verbs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeRole": { + "description": "KubeRole is a compact version of Kubernetes Role\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#role-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the role.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the list of rules associated with the cluster role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.LambdaRuntimeType": { + "description": "LambdaRuntimeType represents the runtime type of the serverless function\nThe constants used are taken from: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime", + "enum": [ + [ + "python", + "python3.6", + "python3.7", + "python3.8", + "python3.9", + "python3.10", + "python3.11", + "python3.12", + "nodejs", + "nodejs12.x", + "nodejs14.x", + "nodejs16.x", + "nodejs18.x", + "nodejs20.x", + "dotnet", + "dotnetcore2.1", + "dotnetcore3.1", + "dotnet6", + "java", + "java8", + "java11", + "java17", + "java21", + "ruby", + "ruby2.7" + ] + ], + "type": "string" + }, + "shared.License": { + "description": "License represent the customer license", + "properties": { + "access_token": { + "description": "AccessToken is the customer access token.\n", + "type": "string" + }, + "contract_id": { + "description": "ContractID is the customer contract ID.\n", + "type": "string" + }, + "contract_type": { + "$ref": "#/components/schemas/shared.LicenseContractType" + }, + "credits": { + "description": "Credits the total amount of credits purchased by the customer.\n", + "type": "integer" + }, + "customer_id": { + "description": "CustomerID is the customer ID.\n", + "type": "string" + }, + "defender_details": { + "description": "DefenderDetails represents the defenders license details.\n", + "items": { + "$ref": "#/components/schemas/shared.DefenderLicenseDetails" + }, + "type": "array" + }, + "defenders": { + "description": "Deprecated: Defenders is the maximum number of defender allowed in this license. Use DefenderDetails field instead.\n", + "type": "integer" + }, + "expiration_date": { + "description": "ExpirationDate is the license expiration date.\n", + "format": "date-time", + "type": "string" + }, + "issue_date": { + "description": "IssueDate is the license issue date.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.LicenseTier" + }, + "workloads": { + "description": "Deprecated: Workloads is the number of workloads per license kept for backward compatibility. Use Credits instead.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.LicenseConfig": { + "description": "LicenseConfig is the compliance policy license configuration", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "critical": { + "description": "Critical is the list of licenses with critical severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "high": { + "description": "High is the list of licenses with high severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "low": { + "description": "Low is the list of licenses with low severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "medium": { + "description": "Medium is the list of licenses with medium severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.LicenseContractType": { + "description": "LicenseContractType is the license contract type", + "enum": [ + [ + "", + "host", + "avg", + "burndown" + ] + ], + "type": "string" + }, + "shared.LicenseThreshold": { + "description": "LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block)\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enabled indicates that the action is enabled.\n", + "type": "boolean" + }, + "value": { + "description": "Value is the minimum severity score for which the action is enabled.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.LicenseTier": { + "description": "LicenseTier represents the license tier of the customer", + "enum": [ + [ + "", + "developer", + "enterprise", + "evaluation", + "oem" + ] + ], + "type": "string" + }, + "shared.LogInspectionEvent": { + "description": "LogInspectionEvent is a log inspection event detected according to the log inspection rules", + "properties": { + "_id": { + "description": "ID is event's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "line": { + "description": "Line is the matching log line.\n", + "type": "string" + }, + "logfile": { + "description": "Logfile is the log file which triggered the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing log inspection events.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.LoggerSetting": { + "description": "LoggerSetting are a specific logger settings", + "properties": { + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.LoggingSettings": { + "description": "LoggingSettings are the logging settings", + "properties": { + "consoleAddress": { + "description": "ConsoleAddress is the console address used by the admin to access the console, used for creating links for runtime events.\n", + "type": "string" + }, + "enableMetricsCollection": { + "description": "EnableMetricsCollection indicates whether metric collections feature is enabled.\n", + "type": "boolean" + }, + "includeRuntimeLink": { + "description": "IncludeRuntimeLink indicates whether link to forensic event should be included in the output.\n", + "type": "boolean" + }, + "stdout": { + "$ref": "#/components/schemas/shared.LoggerSetting" + }, + "syslog": { + "$ref": "#/components/schemas/shared.SyslogSettings" + } + }, + "type": "object" + }, + "shared.Malware": { + "description": "Malware is an executable and its md5", + "properties": { + "allowed": { + "description": "Allowed indicates if this signature is on the allowed list.\n", + "type": "boolean" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": "Modified is the time the malware was added to the DB.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtAudit": { + "description": "MgmtAudit represents a management audit in the system", + "properties": { + "api": { + "description": "API is the api used in the audit process.\n", + "type": "string" + }, + "diff": { + "description": "Diff is the diff between old and new values.\n", + "type": "string" + }, + "failure": { + "description": "Failure states whether the request failed or not.\n", + "type": "boolean" + }, + "sourceIP": { + "description": "SourceIP is the request's source IP.\n", + "type": "string" + }, + "status": { + "description": "Status is the request's response status.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the request.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.MgmtType" + }, + "username": { + "description": "Username is the username of the user who performed the action.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtType": { + "description": "MgmtType represents management audit types", + "enum": [ + [ + "login", + "profile", + "settings", + "rule", + "user", + "group", + "credential", + "tag", + "role", + "pairing" + ] + ], + "type": "string" + }, + "shared.NetworkInfo": { + "description": "NetworkInfo contains data about a container regarding a specific network", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "name": { + "description": "Name is the network name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.NodeJSModuleType": { + "description": "NodeJSModuleType is the type of a NodeJS module", + "enum": [ + [ + "commonjs", + "ecmascript" + ] + ], + "type": "string" + }, + "shared.Package": { + "description": "Package stores relevant package information", + "properties": { + "author": { + "description": "Author is the package's author.\n", + "type": "string" + }, + "binaryIdx": { + "description": "Indexes of the top binaries which use the package.\n", + "items": { + "$ref": "#/components/schemas/int16" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary packages (packages which are built on the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cveCount": { + "description": "Total number of CVEs for this specific package.\n", + "type": "integer" + }, + "defaultGem": { + "description": "DefaultGem indicates this is a gem default package (and not a bundled package).\n", + "type": "boolean" + }, + "fileInfos": { + "description": "FileInfos are info for all package files, containing info on file path, hash and size, not saved in the scan result.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "files": { + "description": "List of package-related files and their hashes. Only included when the appropriate scan option is set.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "fullPkgPath": { + "description": "FullPkgPath is populated for all non-distro packages and represents the pkg path.\n", + "type": "string" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "goPkg": { + "description": "GoPkg indicates this is a Go package (and not module).\n", + "type": "boolean" + }, + "jarIdentifier": { + "description": "JarIdentifier holds an additional identification detail of a JAR package.\n", + "type": "string" + }, + "layerTime": { + "description": "Image layer to which the package belongs (layer creation time).\n", + "format": "int64", + "type": "integer" + }, + "license": { + "description": "License information for the package.\n", + "type": "string" + }, + "name": { + "description": "Name of the package.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the third-party origin package.\n", + "type": "string" + }, + "osPackage": { + "description": "OSPackage indicates that a python/java package was installed as an OS package.\n", + "type": "boolean" + }, + "path": { + "description": "Full package path (e.g., JAR or Node.js package path).\n", + "type": "string" + }, + "purl": { + "description": "PURL is a package URL identifier for this package.\n", + "type": "string" + }, + "securityRepoPkg": { + "description": "SecurityRepoPkg determines if this package is available in a security repository.\n", + "type": "boolean" + }, + "symbols": { + "description": "Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Package version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Packages": { + "description": "Packages is a collection of packages", + "properties": { + "pkgs": { + "description": "List of packages.\n", + "items": { + "$ref": "#/components/schemas/shared.Package" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgTypeThreshold": { + "description": "PkgTypeThreshold represents specific vulnerability alert and block thresholds for a package type", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgsTimes": { + "description": "PkgsTimes are the compressed layer times for pkgs of the specific type", + "properties": { + "pkgTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.Policy": { + "description": "Policy represents a policy that should be enforced by the Auditor", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "rules": { + "description": "Rules holds all policy rules.\n", + "items": { + "$ref": "#/components/schemas/shared.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.PolicyRule": { + "description": "PolicyRule is a single rule in the policy", + "properties": { + "action": { + "description": "Action to take.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "allCompliance": { + "description": "Reports the results of all compliance checks (both passed and failed) (true).\n", + "type": "boolean" + }, + "auditAllowed": { + "description": "Specifies if Prisma Cloud audits successful transactions.\n", + "type": "boolean" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "condition": { + "$ref": "#/components/schemas/shared.Conditions" + }, + "createPR": { + "description": "CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).\n", + "type": "boolean" + }, + "cveRules": { + "description": "List of CVE IDs classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.CVERule" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "excludeBaseImageVulns": { + "description": "ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.\n", + "type": "boolean" + }, + "graceDays": { + "description": "Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.\n", + "type": "integer" + }, + "graceDaysPolicy": { + "$ref": "#/components/schemas/shared.GraceDaysPolicy" + }, + "group": { + "description": "Applicable groups.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "license": { + "$ref": "#/components/schemas/shared.LicenseConfig" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "onlyFixed": { + "description": "Applies rule only when vendor fixes are available (true).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pkgTypesThresholds": { + "description": "PkgTypesThresholds holds package type specific alert and block thresholds.\n", + "items": { + "$ref": "#/components/schemas/shared.PkgTypeThreshold" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "principal": { + "description": "Applicable users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactorsEffects": { + "description": "RiskFactorsEffects indicates the effect (alert/block) of each risk factor.\n", + "items": { + "$ref": "#/components/schemas/shared.RiskFactorEffect" + }, + "type": "array" + }, + "tags": { + "description": "List of tags classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.TagRule" + }, + "type": "array" + }, + "verbose": { + "description": "Displays a detailed message when an operation is blocked (true).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.Port": { + "description": "Port is a container port", + "properties": { + "containerPort": { + "description": "ContainerPort is the mapped port inside the container.\n", + "type": "string" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "hostPort": { + "description": "HostPort is the host port.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ProfileKubernetesData": { + "description": "ProfileKubernetesData holds Kubernetes data", + "properties": { + "clusterRoles": { + "description": "ClusterRoles are the cluster roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeClusterRole" + }, + "type": "array" + }, + "roles": { + "description": "Roles are the roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeRole" + }, + "type": "array" + }, + "serviceAccount": { + "description": "ServiceAccount is the service account used to access Kubernetes apiserver\nThis field will be empty if the container is not running inside of a Pod.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Progress": { + "description": "Progress displays the scan progress", + "properties": { + "aisInitialScanInProgress": { + "description": "AISInitialScanInProgress indicates whether agentless next-gen first scheduled scan is in progress.\n", + "type": "boolean" + }, + "aisOnDemandScanInProgress": { + "description": "AISOnDemandScanInProgress indicates whether agentless next-gen on demand scan is in progress.\n", + "type": "boolean" + }, + "discovery": { + "description": "Discovery indicates whether the scan is in discovery phase.\n", + "type": "boolean" + }, + "error": { + "description": "Error is the error that happened during scan.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname for which the progress apply.\n", + "type": "string" + }, + "id": { + "description": "ID is the ID of the entity being scanned.\n", + "type": "string" + }, + "onDemand": { + "description": "OnDemand indicates whether the scan was triggered by the user or not (scheduled scan).\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the time of scan.\n", + "format": "date-time", + "type": "string" + }, + "scanned": { + "description": "Scanned is the number of entities for which the scan completed.\n", + "type": "integer" + }, + "title": { + "description": "Title is the progress title (set by the scanning process).\n", + "type": "string" + }, + "total": { + "description": "Total is the total amount of entities that should be scanned.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + } + }, + "type": "object" + }, + "shared.RegionData": { + "description": "RegionData contains data regarding a region", + "properties": { + "coordinates": { + "$ref": "#/components/schemas/shared.Coordinates" + }, + "name": { + "description": "Name is the region display name.\n", + "type": "string" + }, + "region": { + "description": "Region is the region code name.\n", + "type": "string" + }, + "regionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "supportedServices": { + "description": "SupportedServices is a list of cloud service types the region supports.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.RegionDataByCloudProvider": { + "additionalProperties": { + "$ref": "#/components/schemas/-_shared.RegionData" + }, + "description": "RegionDataByCloudProvider represents the region data per cloud provider", + "type": "object" + }, + "shared.RegionType": { + "description": "RegionType specifies the region type that runs the Amazon services", + "enum": [ + [ + "regular", + "gov", + "china", + "all" + ] + ], + "type": "string" + }, + "shared.RegistryOSType": { + "description": "RegistryOSType specifies the registry images base OS type", + "enum": [ + [ + "linux", + "linuxARM64", + "windows" + ] + ], + "type": "string" + }, + "shared.RegistryScanProgress": { + "description": "RegistryScanProgress represents the registry scan progress", + "properties": { + "discovery": { + "$ref": "#/components/schemas/shared.Progress" + }, + "imageScan": { + "$ref": "#/components/schemas/shared.Progress" + }, + "isScanOngoing": { + "description": "IsScanOngoing indicates if a scan is currently ongoing.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RegistryScanRequest": { + "description": "RegistryScanRequest represents a registry scan request", + "properties": { + "onDemandScan": { + "description": "OnDemandScan indicates whether to handle request using the on-demand scanner.\n", + "type": "boolean" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "settings": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "tag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": { + "description": "Type indicates the type of the scan request.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.RegistrySettings": { + "description": "RegistrySettings contains each registry's unique settings", + "properties": { + "harborScannerUrlSuffix": { + "description": "Relative path to the Harbor scanner endpoint.\n", + "type": "string" + }, + "specifications": { + "description": "Information for connecting to the registries to be scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Relative path to the webhook HTTP endpoint.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistrySpecification": { + "description": "RegistrySpecification contains information for connecting to local/remote registry", + "properties": { + "azureCloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "caCert": { + "description": "CACert is the Certificate Authority that signed the registry certificate.\n", + "type": "string" + }, + "cap": { + "description": "Specifies the maximum number of images from each repo to fetch and scan, sorted by most recently modified.\n", + "type": "integer" + }, + "collections": { + "description": "Specifies the set of Defenders in-scope for working on a scan job.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the registry.\n", + "type": "string" + }, + "excludedRepositories": { + "description": "Repositories to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "excludedTags": { + "description": "Tags to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gitlabRegistrySpec": { + "$ref": "#/components/schemas/shared.GitlabRegistrySpec" + }, + "harborDeploymentSecurity": { + "description": "Indicates whether the Prisma Cloud plugin uses temporary tokens provided by Harbor to scan images in projects where Harbor's deployment security setting is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID is a unique identifier of the registry spec.\n", + "type": "string" + }, + "jfrogRepoTypes": { + "description": "JFrog Artifactory repository types to scan.\n", + "items": { + "$ref": "#/components/schemas/shared.JFrogRepoType" + }, + "type": "array" + }, + "lastScanStatus": { + "description": "LastScanStatus is the last scan status. we keep both LastScanStatus and ScanStatus in order to not lose the latest scan status when a scan starts.\n", + "type": "string" + }, + "lastScanTime": { + "description": "LastScanTime specifies the last time a scan was completed.\n", + "format": "date-time", + "type": "string" + }, + "namespace": { + "description": "IBM Bluemix namespace https://console.bluemix.net/docs/services/Registry/registry_overview.html#registry_planning.\n", + "type": "string" + }, + "os": { + "$ref": "#/components/schemas/shared.RegistryOSType" + }, + "registry": { + "description": "Registry address (e.g., https://gcr.io).\n", + "type": "string" + }, + "repository": { + "description": "Repositories to scan.\n", + "type": "string" + }, + "scanError": { + "description": "ScanError is the error received while scanning the specification.\n", + "type": "string" + }, + "scanStatus": { + "description": "ScanStatus is the scan status that's updated dynamically during the scan, when the scan finishes - its value is passed to the LastScanStatus field in the DB.\n", + "type": "string" + }, + "scanTime": { + "description": "ScanTime specifies the time a scan was started.\n", + "format": "date-time", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "tag": { + "description": "Tags to scan.\n", + "type": "string" + }, + "version": { + "description": "Registry type. Determines the protocol Prisma Cloud uses to communicate with the registry.\n", + "type": "string" + }, + "versionPattern": { + "description": "Pattern heuristic for quickly filtering images by tags without having to query all images for modification dates.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RiskFactorEffect": { + "description": "RiskFactorEffect represents the effect which is applied by a risk factor", + "properties": { + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "riskFactor": { + "$ref": "#/components/schemas/vulnerability.RiskFactor" + } + }, + "type": "object" + }, + "shared.RuntimeAttackType": { + "description": "RuntimeAttackType is the sub-category of the attack (e.g., malware process, process not in model, etc...)", + "enum": [ + [ + "", + "cloudMetadataProbing", + "kubeletAPIAccess", + "kubeletReadonlyAccess", + "kubectlSpawned", + "kubectlDownloaded", + "horizontalPortScanning", + "verticalPortScanning", + "explicitlyDeniedIP", + "customFeedIP", + "feedIP", + "unexpectedOutboundPort", + "suspiciousNetworkActivity", + "unexpectedListeningPort", + "explicitlyDeniedListeningPort", + "explicitlyDeniedOutboundPort", + "listeningPortModifiedProcess", + "outboundPortModifiedProcess", + "feedDNS", + "explicitlyDeniedDNS", + "dnsQuery", + "unexpectedProcess", + "portScanProcess", + "malwareProcessCustom", + "malwareProcessFeed", + "explicitlyDeniedProcess", + "modifiedProcess", + "cryptoMinerProcess", + "lateralMovementProcess", + "tmpfsProcess", + "policyHijacked", + "reverseShell", + "suidBinaries", + "unknownOriginBinary", + "webShell", + "administrativeAccount", + "encryptedBinary", + "sshAccess", + "explicitlyDeniedFile", + "malwareFileCustom", + "malwareFileFeed", + "execFileAccess", + "elfFileAccess", + "secretFileAccess", + "regFileAccess", + "wildfireMalware", + "unknownOriginBinary", + "webShell", + "fileIntegrity", + "alteredBinary", + "malwareDownloaded", + "suspiciousELFHeader", + "executionFlowHijackAttempt", + "customRule" + ] + ], + "type": "string" + }, + "shared.RuntimeAudit": { + "description": "RuntimeAudit represents a runtime audit event (fires when a runtime policy is violated)", + "properties": { + "_id": { + "description": "Internal ID (used for in-place updates).\n", + "type": "string" + }, + "accountID": { + "description": "ID of the cloud account where the audit was generated.\n", + "type": "string" + }, + "app": { + "description": "Name of the service which violated the host policy.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "attackType": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "cluster": { + "description": "Cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "ScrubbedCommand is the command executed by the process with scrubbed PII.\n", + "type": "string" + }, + "container": { + "description": "Indicates if this is a container audit (true) or host audit (false).\n", + "type": "boolean" + }, + "containerId": { + "description": "ID of the container that violates the rule.\n", + "type": "string" + }, + "containerName": { + "description": "Container name.\n", + "type": "string" + }, + "count": { + "description": "Attack type audits count.\n", + "type": "integer" + }, + "country": { + "description": "Outbound country for outgoing network audits.\n", + "type": "string" + }, + "domain": { + "description": "Domain is the requested domain.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "err": { + "description": "Unknown error in the audit process.\n", + "type": "string" + }, + "filepath": { + "description": "Filepath is the path of the modified file.\n", + "type": "string" + }, + "fqdn": { + "description": "Current full domain name used in audit alerts.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageId": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "interactive": { + "description": "Indicates if the audit was triggered from a process that was spawned in interactive mode (e.g., docker exec ...) (true) or not (false).\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the connection destination IP address.\n", + "type": "string" + }, + "label": { + "description": "Container deployment label.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels which augment the audit data.\n", + "type": "object" + }, + "md5": { + "description": "MD5 is the MD5 of the modified file (only for executables.\n", + "type": "string" + }, + "msg": { + "description": "Blocking message text.\n", + "type": "string" + }, + "namespace": { + "description": "K8s deployment namespace.\n", + "type": "string" + }, + "os": { + "description": "Operating system distribution.\n", + "type": "string" + }, + "pid": { + "description": "ID of the process that caused the audit event.\n", + "type": "integer" + }, + "port": { + "description": "Port is the connection destination port.\n", + "type": "integer" + }, + "processPath": { + "description": "Path of the process that caused the audit event.\n", + "type": "string" + }, + "profileId": { + "description": "Profile ID of the audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "Unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region of the resource where the audit was generated.\n", + "type": "string" + }, + "requestID": { + "description": "ID of the lambda function invocation request.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource where the audit was generated.\n", + "type": "string" + }, + "ruleName": { + "description": "Name of the rule that was applied, if blocked.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "severity": { + "$ref": "#/components/schemas/shared.RuntimeSeverity" + }, + "time": { + "description": "Time of the audit event (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.RuntimeType" + }, + "user": { + "description": "Service user.\n", + "type": "string" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique VM ID where the audit was generated.\n", + "type": "string" + }, + "wildFireReportURL": { + "description": "WildFireReportURL is a URL link of the report generated by wildFire.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RuntimeProfileState": { + "description": "RuntimeProfileState represents the state of an image profile", + "enum": [ + [ + "learning", + "dryRun", + "learningExtended", + "manualLearning", + "manualRelearning", + "active", + "manualActive" + ] + ], + "type": "string" + }, + "shared.RuntimeSecretScrubbingSettings": { + "description": "RuntimeSecretScrubbingSettings holds the runtime secret scrubbing settings", + "properties": { + "customSpecs": { + "description": "CustomSpecs is a collection of generic sensitive data masking patterns.\n", + "items": { + "$ref": "#/components/schemas/runtime.SecretScrubbingSpec" + }, + "type": "array" + }, + "skipDefault": { + "description": "SkipDefault indicates whether default secret scrubbing should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RuntimeSeverity": { + "description": "RuntimeSeverity represents the runtime severity", + "enum": [ + [ + "low", + "medium", + "high" + ] + ], + "type": "string" + }, + "shared.RuntimeType": { + "description": "RuntimeType represents the runtime protection type", + "enum": [ + [ + "processes", + "network", + "kubernetes", + "filesystem" + ] + ], + "type": "string" + }, + "shared.ScanErrorInfo": { + "description": "ScanErrorInfo holds information about the errors that occurred during the scan", + "properties": { + "category": { + "description": "Category is the category of error.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "error": { + "description": "Error holds the full error string.\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides more information about error and suggestions for possible fixes.\n", + "type": "string" + }, + "score": { + "description": "Score is a rating of how relevant the error is to the customer.\n", + "type": "integer" + }, + "source": { + "description": "Source is details on where the error occurred.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ScanResultType": { + "description": "ScanResultType represents a cloud scan result type", + "enum": [ + [ + "aws-ecr", + "aws-lambda", + "aws-ec2", + "aws-eks", + "aws-ecs", + "aws-s3", + "aws-config", + "aws-cloud-trail", + "aws-kms", + "aws-cloud-watch", + "aws-sns", + "aws-security-hub", + "aws-secrets-manager", + "aws-parameter-store", + "azure-acr", + "azure-functions", + "azure-aks", + "azure-aci", + "azure-vm", + "gcp-gcr", + "gcp-gcf", + "gcp-gke", + "gcp-vm", + "gcp-artifact", + "oci-instance" + ] + ], + "type": "string" + }, + "shared.ScanSettings": { + "description": "ScanSettings are global settings for image/host/container and registry scanning", + "properties": { + "agentlessScanPeriodMs": { + "description": "AgentlessScanPeriodMS is the agentless scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "cloudPlatformsScanPeriodMs": { + "description": "CloudPlatformsScanPeriodMS is the cloud platforms scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "containersScanPeriodMs": { + "description": "ContainersScanPeriodMS is the container scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "extractArchive": { + "description": "ExtractArchive indicates whether to search within archive during scan is enabled.\n", + "type": "boolean" + }, + "imagesScanPeriodMs": { + "description": "ImageScanPeriodMS is the image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "includeJsDependencies": { + "description": "IncludeJsDependencies indicates whether to include packages from the \"dependencies\".\n", + "type": "boolean" + }, + "registryScanPeriodMs": { + "description": "RegistryScanPeriodMS is the registry scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "registryScanRetentionDays": { + "description": "RegistryScanRetentionDays is the number of days to keep deleted registry images.\n", + "type": "integer" + }, + "scanRunningImages": { + "description": "ScanRunningImages indicates only images that are used by containers should be used.\n", + "type": "boolean" + }, + "serverlessScanPeriodMs": { + "description": "ServerlessScanPeriodMS is the serverless vulnerability scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "showInfraContainers": { + "description": "ShowInfraContainers indicates infra containers should be shown.\n", + "type": "boolean" + }, + "showNegligibleVulnerabilities": { + "description": "ShowNegligibleVulnerabilities indicates whether to display negligible vulnerabilities (low severity or will not be fixed).\n", + "type": "boolean" + }, + "systemScanPeriodMs": { + "description": "SystemScanPeriodMS is the host scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "tasDropletsScanPeriodMs": { + "description": "TASDropletsScanPeriodMS is the TAS scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "vmScanPeriodMs": { + "description": "VMScanPeriodMS is the VM image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ScanType": { + "description": "ScanType displays the components for an ongoing scan", + "enum": [ + [ + "image", + "ciImage", + "container", + "host", + "agentlessHost", + "registry", + "serverlessScan", + "ciServerless", + "vm", + "tas", + "ciTas", + "cloudDiscovery", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy", + "codeRepo", + "ciCodeRepo" + ] + ], + "type": "string" + }, + "shared.SecretStoreType": { + "description": "SecretStoreType is the secrets store type", + "enum": [ + [ + "hashicorp", + "hashicorp010", + "cyberark", + "awsParameterStore", + "awsSecretsManager", + "azure" + ] + ], + "type": "string" + }, + "shared.SecretsInjectionType": { + "description": "SecretsInjectionType is the method used to inject secrets to containers", + "enum": [ + [ + "envvar", + "filesystem" + ] + ], + "type": "string" + }, + "shared.SecretsPolicy": { + "description": "SecretsPolicy defines policy for distribution of secrets to containers", + "properties": { + "_id": { + "description": "ID is the internal secret policy id.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of secret injection rules.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.SecretsRule": { + "description": "SecretsRule defines distribution of secrets to containers", + "properties": { + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "injection": { + "$ref": "#/components/schemas/shared.SecretsInjectionType" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readAllPerm": { + "description": "ReadAllPerm indicates whether file permissions of injected secrets allow read by root only or by all users.\n", + "type": "boolean" + }, + "secrets": { + "description": "Secrets are the encrypted secrets to inject.\n", + "items": { + "$ref": "#/components/schemas/shared.VaultSecret" + }, + "type": "array" + }, + "targetDir": { + "description": "TargetDir is the target directory to inject secret files to if we choose filesystem injection.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStore": { + "description": "SecretsStore represents a secret storage entity", + "properties": { + "appID": { + "description": "AppID is the twistlock application id, as set in Cyberark store.\n", + "type": "string" + }, + "caCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "clientCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "credentialId": { + "description": "CredentialID is the authentication credential id.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret store defined by the user.\n", + "type": "string" + }, + "region": { + "description": "Region is the secrets store's region.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.SecretStoreType" + }, + "url": { + "description": "URL is the secrets store's endpoint point.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStores": { + "description": "SecretsStores are settings for connecting with secrets storage vaults", + "properties": { + "refreshPeriodHours": { + "description": "RefreshPeriodHours is the secret stores refresh time in hours.\n", + "type": "integer" + }, + "secretsStores": { + "description": "Stores is the list of stores to fetch secrets from.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsStore" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecification": { + "description": "ServerlessAutoDeploySpecification contains the information for auto-deploying serverless functions protection", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleAddr": { + "description": "ConsoleAddr represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "runtimes": { + "description": "Runtimes is the list of runtimes to which the spec applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecifications": { + "description": "ServerlessAutoDeploySpecifications is a list of serverless auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecification" + }, + "type": "array" + }, + "shared.ServerlessBundleRequest": { + "description": "ServerlessBundleRequest represents the arguments to serverless bundle request", + "properties": { + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessLayerBundleRequest": { + "description": "ServerlessLayerBundleRequest represents the arguments to a serverless layer bundle request", + "properties": { + "nodeJSModuleType": { + "$ref": "#/components/schemas/shared.NodeJSModuleType" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessScanSpecification": { + "description": "ServerlessScanSpecification describes how to connect to a serverless provider", + "properties": { + "cap": { + "description": "Specifies the maximum number of functions to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether serverless scanning is enabled.\n", + "type": "boolean" + }, + "scanAllVersions": { + "description": "Specifies whether to scan all image versions. If set to false, scans only $LATEST. Default: false.\n", + "type": "boolean" + }, + "scanLayers": { + "description": "Specifies whether to scan a function's layers. Default: true.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.SubnetConnections": { + "description": "SubnetConnections holds the entity incoming and outgoing connections from/to subnets", + "properties": { + "incoming": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Incoming holds connection from radar entity to subnet.\n", + "type": "object" + }, + "outgoing": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Outgoing holds connection from subnet to radar entity.\n", + "type": "object" + } + }, + "type": "object" + }, + "shared.SyslogSettings": { + "description": "SyslogSettings are the syslog settings", + "properties": { + "addr": { + "description": "Addr is the remote address for sending events.\n", + "type": "string" + }, + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "cert": { + "description": "Cert is the server cert for dialing TLS syslogger.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID represents the user's custom identifier string.\n", + "type": "string" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TASDropletSpecification": { + "description": "TASDropletSpecification specify which droplets to scan", + "properties": { + "cap": { + "description": "Cap indicates only the last k images should be fetched.\n", + "type": "integer" + }, + "cloudControllerAddress": { + "description": "CloudControllerAddress is the address of the local cloud controller in TAS env.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname of the defender that is used as the blobstore scanner.\n", + "type": "string" + }, + "pattern": { + "description": "Name is the droplet name.\n", + "type": "string" + }, + "remote": { + "description": "Remote indicates whether the blobstore is remote or local.\n", + "type": "boolean" + }, + "remoteConfig": { + "$ref": "#/components/schemas/shared.TASRemoteBlobstoreConfig" + } + }, + "type": "object" + }, + "shared.TASRemoteBlobstoreConfig": { + "description": "TASRemoteBlobstoreConfig contains remote blobstore details", + "properties": { + "blobstoreAddress": { + "description": "BlobstoreAddress is the address of the remote cloud controller.\n", + "type": "string" + }, + "cACert": { + "description": "CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.\n", + "type": "string" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.\n", + "type": "string" + }, + "foundation": { + "description": " Foundation is the name of TAS foundation.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Tag": { + "description": "Tag represents a single tag", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "description": { + "description": "Description is the tag description.\n", + "type": "string" + }, + "name": { + "description": "Name is the tag name.\n", + "type": "string" + }, + "vulns": { + "description": "Vulns are the tagged vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TagRule": { + "description": "TagRule is a tag rule for specific vulnerabilities", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "name": { + "description": "Tag name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.TagVulnMetadata": { + "description": "TagVulnMetadata contains the tag vulnerability metadata", + "properties": { + "checkBaseLayer": { + "description": "(Applies only to the resource type 'image') Checks whether the base layer in an image is the resource image.\n", + "type": "boolean" + }, + "comment": { + "description": "Adds a comment.\n", + "type": "string" + }, + "id": { + "description": "Specifies the Common Vulnerability and Exposures (CVE) ID.\n", + "type": "string" + }, + "packageName": { + "description": "Specifies the source or the binary package name where the vulnerability is found.\nUse the source package name for tagging if only source package exists.\nUse the wildcard `*` for tagging all the packages.\n", + "type": "string" + }, + "resourceType": { + "$ref": "#/components/schemas/vuln.TagType" + }, + "resources": { + "description": "(Required when you define the resource type) Specifies the resources for tagging where the vulnerability is found. Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TrustAudit": { + "description": "TrustAudit represents a trust audit", + "properties": { + "_id": { + "description": "ID is the registry-repo of the created container.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster where the audit was generated.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of times this audit occurred.\n", + "type": "integer" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "imageID": { + "description": "ImageID is the container image id.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ruleName": { + "description": "If blocked, contains the name of the rule that was applied.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.TrustAudits": { + "description": "TrustAudits represents the trust profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.TrustRegistryRepoAudits" + }, + "description": "Audits is a map from trust status (audits are only for untrusted type) to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustRegistryRepoAudits": { + "description": "TrustRegistryRepoAudits represents the trust registry/repo audits per profile", + "properties": { + "audits": { + "description": "Audits are the trust audits associated with the registry/repo, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustedCertSettings": { + "description": "TrustedCertSettings are settings for trusted certs", + "properties": { + "certs": { + "description": "Certs are the list of trusted certificates to use in access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether to check the certificate revocation.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether the trusted certificate feature is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TrustedCertSignature": { + "description": "TrustedCertSignature represents a trusted cert settings", + "properties": { + "cn": { + "description": "CN is the certificate common name.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is the certificate issuer.\n", + "type": "string" + }, + "notAfter1": { + "description": "NotAfter is the certificate expiration time\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "notBefore1": { + "description": "NotBefore is the minimum time for which the cert is valid\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "raw": { + "description": "Raw is the raw certificate (in PEM format).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.UploadScanResult": { + "description": "UploadScanResult is the result uploading the scanning result", + "properties": { + "scanId": { + "description": "ID is the scan result ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.User": { + "description": "User represents a local user in Twistlock", + "properties": { + "username": { + "description": "Name of a user.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecification": { + "description": "VMSpecification contains information for setting up and connecting to the image", + "properties": { + "cap": { + "description": "Specifies the maximum number of images to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "consoleAddr": { + "description": "Network-accessible address that Defender can use to publish scan results to Console.\n", + "type": "string" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the cloud provider.\n", + "type": "string" + }, + "enableSecureBoot": { + "description": "EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).\n", + "type": "boolean" + }, + "excludedImages": { + "description": "Images to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gcpProjectID": { + "description": "GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).\n", + "type": "string" + }, + "imageType": { + "$ref": "#/components/schemas/common.ImageType" + }, + "images": { + "description": "The names of images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is \"m4.large\".\n", + "type": "string" + }, + "labels": { + "description": "The labels to use to target images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "region": { + "description": "Cloud provider region.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "subnetID": { + "description": "SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.\n", + "type": "string" + }, + "vpcID": { + "description": "VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.\n", + "type": "string" + }, + "zone": { + "description": "Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecifications": { + "description": "VMSpecifications is a list of VM specifications", + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "shared.VaultSecret": { + "description": "VaultSecret represents a secret held by a secret store", + "properties": { + "folder": { + "description": "Folder is one of the following:\nCyberark: Name of the folder for secrets held in Cyberark store\nHashicorp: The directory path for secrets held in Hashicorp store\nAWS: The name of the secret in AWS Secrets Manager or AWS Parameter Store.\n", + "type": "string" + }, + "key": { + "description": "Key is the secret's identifier in the secrets store.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret as input from the user.\n", + "type": "string" + }, + "safe": { + "description": "Safe is the name of the safe, for secrets held in Cyberark store.\n", + "type": "string" + }, + "store": { + "description": "Store is the name of the secrets store where the secret is held.\n", + "type": "string" + }, + "value": { + "$ref": "#/components/schemas/common.Secret" + }, + "version": { + "description": "Version is the Azure secret version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.WildFirePolicy": { + "description": "WildFirePolicy is the global wildfire usage policy, set by the client", + "properties": { + "agentlessEnabled": { + "description": "AgentlessEnabled indicates whether agentless scan will consult WF.\n", + "type": "boolean" + }, + "complianceEnabled": { + "description": "ComplianceEnabled indicates whether compliance malware scan will consult WF.\n", + "type": "boolean" + }, + "graywareAsMalware": { + "description": "GraywareAsMalware indicates whether files with WF verdict of Grayware will be treated as malware.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the WF server region to query.\n", + "type": "string" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates whether runtime malware scan will consult WF.\n", + "type": "boolean" + }, + "uploadEnabled": { + "description": "UploadEnabled indicates whether files will be uploaded to WF.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.WildFireSettings": { + "description": "WildFireSettings are the settings for WildFire API requests", + "properties": { + "apiKey": { + "description": "APIKey is the key identifier used for WF APIs.\n", + "type": "string" + }, + "apiKeyExpiration": { + "description": "APIKeyExpiration is the expiration time of the API key.\n", + "format": "date-time", + "type": "string" + }, + "lastError": { + "description": "LastError is the last error that occurred when trying to create/update the wildfire key.\n", + "type": "string" + }, + "policy": { + "$ref": "#/components/schemas/shared.WildFirePolicy" + } + }, + "type": "object" + }, + "string": { + "type": "string" + }, + "time.Duration": { + "format": "int64", + "type": "integer" + }, + "time.Time": { + "format": "date-time", + "type": "string" + }, + "trust.Data": { + "description": "Data holds the image trust data", + "properties": { + "groups": { + "description": "Groups are the trust groups.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "policy": { + "$ref": "#/components/schemas/trust.Policy" + } + }, + "type": "object" + }, + "trust.Group": { + "description": "Group represents a group of images", + "properties": { + "_id": { + "description": "Name of the group.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "images": { + "description": "Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.HostStatus": { + "description": "HostStatus represents an image trust status on a host", + "properties": { + "host": { + "description": "Host name.\n", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/trust.Status" + } + }, + "type": "object" + }, + "trust.ImageResult": { + "description": "ImageResult represents an aggregated image trust result", + "properties": { + "groups": { + "description": "Trust groups which apply to the image.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "hostsStatuses": { + "description": "Image trust status on each host. Can be set to \"trusted\" or \"untrusted\".\n", + "items": { + "$ref": "#/components/schemas/trust.HostStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.Policy": { + "description": "Policy represents the trust policy", + "properties": { + "_id": { + "description": "ID is the trust group policy ID.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the policy is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "Rules is the list of rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/trust.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.PolicyRule": { + "description": "PolicyRule represents an trust policy rule", + "properties": { + "allowedGroups": { + "description": "AllowedGroups are the ids of the groups that are whitelisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "deniedGroups": { + "description": "DeniedGroups are the ids of the groups that are blacklisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.Status": { + "description": "Status is the trust status for an image", + "enum": [ + [ + "trusted", + "untrusted" + ] + ], + "type": "string" + }, + "types.AccessStats": { + "description": "AccessStats are stats for the access flows", + "properties": { + "docker": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sshd": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sudo": { + "$ref": "#/components/schemas/types.AccessStatsCount" + } + }, + "type": "object" + }, + "types.AccessStatsCount": { + "description": "AccessStatsCount stores the total amount of access audits", + "properties": { + "allowed": { + "description": ".\n", + "type": "integer" + }, + "denied": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.AgentlessHostStatus": { + "description": "AgentlessHostStatus holds the status of a host handled by an agentless scan", + "properties": { + "account": { + "description": "Account is the cloud account the host belongs to.\n", + "type": "string" + }, + "availabilityDomain": { + "description": "AvailabilityDomain is the host availability domain.\n", + "type": "string" + }, + "category": { + "description": "Category indicates the status category.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error category.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "details": { + "description": "Details provides more information about status.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "excludedTags": { + "description": "ExcludedTags lists of exclude tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags lists of include tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the host's cloud name e.g. \"dimako-test\".\n", + "type": "string" + }, + "ociCompartment": { + "description": "OCICompartment is the compartment the instance belongs to (OCI only).\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides suggestions for possible fixes.\n", + "type": "string" + }, + "region": { + "description": "Region is the region the host belongs to.\n", + "type": "string" + }, + "regionError": { + "description": "RegionError indicates the status origin is a region error.\n", + "type": "boolean" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "scanID": { + "description": "ScanID indicates the scan id in which the status was collected.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime indicates the scan time of the host.\n", + "format": "date-time", + "type": "string" + }, + "source": { + "description": "Source is details on where the status was collected.\n", + "type": "string" + }, + "vmTags": { + "description": "VMTags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AgentlessResourceTemplatesRequest": { + "description": "AgentlessResourceTemplatesRequest is the agentless resource templates request for populating\ntemplates that are needed to be applied prior to an agentless scan with the credential", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "(Required) Specifies the ID for which the templates are generated.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.AlertProfileOption": { + "description": "AlertProfileOption describes options available for configuring an alert type", + "properties": { + "alertType": { + "$ref": "#/components/schemas/api.AlertType" + }, + "hasPolicy": { + "description": "HasPolicy defines whether the alerts are triggered by policy (e.g., this is false for defender alerts).\n", + "type": "boolean" + }, + "name": { + "description": "Name is the display name for the option.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the rule names for the policy associated with this alert type (only relevant if HasPolicy is true).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "supportedClients": { + "description": "SupportedClients are the supported alert clients for this alert (e.g., jira, email).\n", + "items": { + "$ref": "#/components/schemas/api.AlertClientType" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AllDefendersUsage": { + "description": "AllDefendersUsage holds stats about the usage of different modules and the sample time", + "properties": { + "appEmbedded": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "container": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "containerAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "host": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "hostAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "period": { + "description": "Period is the date beginning of the usage period.\n", + "format": "date-time", + "type": "string" + }, + "remainingCredits": { + "description": "RemainingCredits is the amount of credits left at the beginning of the period.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.ServerlessUsage" + }, + "waas": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "waasOutOfBand": { + "$ref": "#/components/schemas/types.DefenderUsage" + } + }, + "type": "object" + }, + "types.AppFirewallAttackCount": { + "description": "AppFirewallAttackCount holds app firewall attack type and the amount of audits", + "properties": { + "count": { + "description": "Count is the count for the attack type.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + } + }, + "type": "object" + }, + "types.AppFirewallStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AppFirewallStats are the daily stats for app firewall audits\nTODO #20802 - replace string key with WAAS attack type type when mongo changed to avoid encoding map keys without stringer", + "type": "object" + }, + "types.ArtifactoryWebhookRequest": { + "description": "ArtifactoryWebhookRequest is an artifactory webhook request\nArtifactory doesn't have native webhook support, instead it comes as a plugin\nhttps://github.com/jfrog/artifactory-user-plugins/tree/master/webhook\nThe relevant fields in the this struct were reverse engineered from the webhook groovy code and from the fields that were sent by a real artifactory environment", + "type": "object" + }, + "types.AssetsSummary": { + "properties": { + "containerImages": { + "$ref": "#/components/schemas/types.ImageAssetsSummary" + }, + "hosts": { + "$ref": "#/components/schemas/types.HostAssetsSummary" + } + }, + "type": "object" + }, + "types.AttackTechniqueStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AttackTechniqueStats represents statistics grouped by attack technique", + "type": "object" + }, + "types.AuditTimeslice": { + "description": "AuditTimeslice counts the number of audit events for a given time period", + "properties": { + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "end": { + "description": "End is the end time of the bucket.\n", + "format": "date-time", + "type": "string" + }, + "start": { + "description": "Start is the start time of the bucket.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.AvailableVulnerabilities": { + "description": "AvailableVulnerabilities contains all available vulnerabilities types", + "properties": { + "complianceVulnerabilities": { + "description": "Compliance is the list of all available compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "cveVulnerabilities": { + "description": "CVE is all available cve vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BFFHostQueryOptions": { + "properties": { + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFImageQueryOptions": { + "properties": { + "hasRunningContainers": { + "description": ".\n", + "type": "boolean" + }, + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFPaginatedResponse": { + "description": "BFFPaginatedResponse is the paginated response", + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.BaseImage": { + "description": "BaseImage represents an image which is defined as a base image", + "properties": { + "creationTime": { + "description": "CreationTime is the time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "imageName": { + "description": "ImageName is the image name repository:tag.\n", + "type": "string" + }, + "topLayer": { + "description": "TopLayer is the SHA256 of the image's last filesystem layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BaseImagesRule": { + "description": "BaseImagesRule holds the base images defined by a single scope", + "properties": { + "_id": { + "description": "Pattern is the scope configuration identification, e.g. image name regex pattern.\n", + "type": "string" + }, + "description": { + "description": "Description is the base images scope description.\n", + "type": "string" + }, + "images": { + "description": "Images holds the base images which matches the scope configuration, capped to 50 image digests per scope.\n", + "items": { + "$ref": "#/components/schemas/types.BaseImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BffQueryPermissions": { + "description": "BffQueryPermissions are user permissions", + "type": "object" + }, + "types.CSAPairingSettings": { + "description": "CSAPairingSettings is the settings which are received from the CSA during the pairing process", + "properties": { + "apiKey": { + "description": "APIKey is the key to call the CSA API.\n", + "type": "string" + }, + "apiKeyID": { + "description": "APIKeyID is the key ID to call the CSA API.\n", + "type": "string" + }, + "apiURL": { + "description": "APIURL is the CSA API URL.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name of CSA tenant.\n", + "type": "string" + }, + "gcpBucketName": { + "description": "GCPBucketName is the name of the GCP bucket.\n", + "type": "string" + }, + "pubSubSubscription": { + "description": "PubSubSubscription is the subscription name to the pub/sub.\n", + "type": "string" + }, + "pubSubSubscriptionDebug": { + "description": "PubSubSubscriptionDebug is the subscription name to the pub/sub for debugging purposes.\n", + "type": "string" + }, + "region": { + "description": "Region is the (GCP) region where the tenant is deployed.\n", + "type": "string" + }, + "serviceAccountKey": { + "description": "ServiceAccountKey is the service account to the pub/sub and bucket.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CSAStatus": { + "description": "CSAStatus is the CSA status", + "properties": { + "tenantURL": { + "description": "TenantURL is the CSA tenant URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEStats": { + "description": "CVEStats represents statistics about a CVE type", + "properties": { + "count": { + "description": "Count is the number of CVEs from the specific type.\n", + "type": "integer" + }, + "distro": { + "description": "Distro is the impacted image distro (e.g., ubuntu).\n", + "type": "string" + }, + "distro_release": { + "description": "DistroRelase is the impacted image distro release (bionic).\n", + "type": "string" + }, + "modified": { + "description": "Modified is the max unix timestamp for the specific CVE.\n", + "format": "int64", + "type": "integer" + }, + "type": { + "description": "Type is the vulnerability type.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEVulnerability": { + "description": "CVEVulnerability holds data on package and files vulnerabilities", + "properties": { + "affected_cpes": { + "$ref": "#/components/schemas/vulnerability.RHELCpeHashes" + }, + "affected_cpes_uuid": { + "description": "AffectedCpesUUID is used to create unique records for vulnerabilities that only differ in their affected CPEs.\n", + "type": "string" + }, + "app_vuln_id": { + "description": "AppVulnID is the unique ID of the application vulnerability (app+cve+internal custom ID).\n", + "type": "string" + }, + "archs": { + "$ref": "#/components/schemas/vulnerability.CPUArchs" + }, + "conditions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "cpe_ids": { + "$ref": "#/components/schemas/vulnerability.CpeIDs" + }, + "custom": { + "description": "Custom indicates if this is a custom vulnerability.\n", + "type": "boolean" + }, + "cve": { + "description": ".\n", + "type": "string" + }, + "cvss": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description is the vulnerability description.\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "distro_release": { + "description": ".\n", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "FixDate is the date this CVE was fixed (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "go_package": { + "description": "GoPackage indicates a Go vulnerability at package-level and holds the package import path.\n", + "type": "string" + }, + "jar_identifier": { + "description": "JarIdentifier holds an additional identification detail of the vulnerable JAR.\n", + "type": "string" + }, + "link": { + "description": "Link is the link for information about the vulnerability (used for custom vulnerabilities).\n", + "type": "string" + }, + "link_id": { + "description": "LinkID is the ID required to construct the vendor link to the CVE.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last time this CVE was modified (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "non_vulnerable": { + "description": "NonVulnerable indicates that the CVE in not vulnerable on its own, but only when it comes together with conditional combination of CVE.\n", + "type": "boolean" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "rh_general_cvss": { + "description": "RHGeneralScore is the Red Hat's general CVSS score of this CVE.\n", + "type": "string" + }, + "rh_general_severity": { + "description": "RHGeneralSeverity is the Red Hat's general severity of this CVE.\n", + "type": "string" + }, + "rules": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "running_on_with": { + "description": "RunningOnWith is NVD \"running On/With\" conditions.\n", + "type": "string" + }, + "security_repo_pkg": { + "description": "SecurityRepoPkg determines if the package belongs to a security repository (e.g. bullseye-security).\n", + "type": "boolean" + }, + "severity": { + "description": ".\n", + "type": "string" + }, + "status": { + "description": "Status is the official vendor state for the CVE.\n", + "type": "string" + }, + "symbols": { + "$ref": "#/components/schemas/vulnerability.Symbols" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.CVEType" + }, + "vecStr": { + "description": "VectorString is the NVD vulnerability string.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertData": { + "description": "CertData is used to add a custom certificate to the product", + "properties": { + "certificate": { + "description": "Data is the certificate pem data.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertSettings": { + "description": "CertSettings are the certificates settings", + "properties": { + "caExpiration": { + "description": "CAExpiration holds the expiration date of the CA cert.\n", + "format": "date-time", + "type": "string" + }, + "consoleSAN": { + "description": "ConsoleSAN if specified, use this list as the SAN for the console server certificate. Used for websocket and API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defenderOldCAExpiration": { + "description": "DefenderOldCAExpiration holds the expiration time of the defender old CA cert.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.CertificateSettings": { + "description": "CertificateSettings are the certificate settings", + "properties": { + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "certificatePeriodDays": { + "description": "CertificatePeriodDays is the certificates period in days.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CloudComputeInfo": { + "description": "CloudComputeInfo holds some fields from the compute structure that may be contained in the raw cloud info", + "properties": { + "vmId": { + "description": "VMID (\"vmId\") is a field used in Azure raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CloudInfo": { + "description": "CloudInfo holds cloud information of a CSA agent\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "cloud_provider": { + "$ref": "#/components/schemas/types.CloudProvider" + }, + "raw": { + "$ref": "#/components/schemas/types.CloudRawInfo" + } + }, + "type": "object" + }, + "types.CloudProvider": { + "description": "CloudProvider identifies a cloud provider in the CSA Endpoints API", + "enum": [ + [ + "AWS", + "GCP", + "Azure" + ] + ], + "type": "string" + }, + "types.CloudProviders": { + "items": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "type": "array" + }, + "types.CloudRawInfo": { + "description": "CloudRawInfo holds some fields that may appear in the raw cloud info, depending on cloud provider\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "compute": { + "$ref": "#/components/schemas/types.CloudComputeInfo" + }, + "id": { + "description": "ID (\"id\") is a field used in GCP raw struct.\n", + "type": "string" + }, + "instance-id": { + "description": "InstanceID (\"instance-id\") is a field used in AWS raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ClusterRadarInfo": { + "description": "ClusterRadarInfo contains cluster information to display on the radar", + "properties": { + "cloudProivder": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "hostCount": { + "description": "HostCount is the number of host running the cluster.\n", + "type": "integer" + }, + "name": { + "description": "Name of the cluster.\n", + "type": "string" + }, + "namespaceCount": { + "description": "Namespace is the number of namespace in the cluster.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceCategoryStats": { + "description": "ComplianceCategoryStats holds data regarding a compliance category", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the category IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "total": { + "description": "Total is the count of evaluations of category IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceDailyStats": { + "description": "ComplianceDailyStats is the compliance daily stats", + "properties": { + "_id": { + "description": "Date holds the date the data was collected.\n", + "type": "string" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "modified": { + "description": "Modified is the time the data was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.ComplianceIDStats": { + "description": "ComplianceIDStats holds data regarding applied compliance ID", + "properties": { + "benchmarkID": { + "description": "BenchmarkID is the benchmark ID.\n", + "type": "string" + }, + "category": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "description": { + "description": "Description is the compliance description.\n", + "type": "string" + }, + "failed": { + "description": "Failed is the number of occurrences of compliance ID in resources.\n", + "type": "integer" + }, + "id": { + "description": "ID is the compliance ID.\n", + "type": "integer" + }, + "severity": { + "description": "Severity is the compliance severity.\n", + "type": "string" + }, + "templateTitle": { + "description": "TemplateTitle is the template title.\n", + "type": "string" + }, + "total": { + "description": "Total is the count of resources evaluated with the compliance.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + } + }, + "type": "object" + }, + "types.ComplianceStats": { + "description": "ComplianceStats holds compliance data", + "properties": { + "categories": { + "description": "Compliance stats by category.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceCategoryStats" + }, + "type": "array" + }, + "daily": { + "description": "Daily compliance stats.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "ids": { + "description": "Compliance data by check ID.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceIDStats" + }, + "type": "array" + }, + "rules": { + "description": "Compliance stats by policy rules.\n", + "items": { + "$ref": "#/components/schemas/types.RuleComplianceStats" + }, + "type": "array" + }, + "templates": { + "description": "Compliance stats by template.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceTemplateStats" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ComplianceTemplateStats": { + "description": "ComplianceTemplateStats holds data regarding a compliance template", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the template IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "total": { + "description": "Total is the count of evaluations of template IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ConsoleAuthResponse": { + "description": "ConsoleAuthResponse represents the console certificates authentication response", + "properties": { + "role": { + "description": "UserRole is the authenticated user role.\n", + "type": "string" + }, + "token": { + "description": "Token is the console authentication response token.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ConsoleCertificateSettings": { + "description": "ConsoleCertificateSettings are the console certificate settings", + "properties": { + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + } + }, + "type": "object" + }, + "types.ContainerRadarData": { + "description": "ContainerRadarData represent all data relevant to the network radar", + "properties": { + "containerCount": { + "description": "ContainerCount is the total number of containers.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.ContainerRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ContainerRadarEntity": { + "description": "ContainerRadarEntity is the extended container radar entity (include presentation metadata)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether this container was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "containerCount": { + "description": "ContainerCount is the amount of containers per entity.\n", + "type": "integer" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "dns": { + "description": "DNS states whether this is a DNS node.\n", + "type": "boolean" + }, + "filesystemCount": { + "description": ".\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hasDNSConnection": { + "description": "HasDNSConnection states whether the node has DNS connection.\n", + "type": "boolean" + }, + "hostCount": { + "description": ".\n", + "type": "integer" + }, + "hostname": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the entity's image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the entity's image name.\n", + "type": "string" + }, + "imageNames": { + "description": "ImageNames are the names of the image associated with the radar entity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "incomingConnections": { + "description": "IncomingConnections are the radar entity incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored entity.\n", + "type": "boolean" + }, + "istioAuthorizationPolicies": { + "description": "IstioAuthorizationPolicies are the Istio authorization policies.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicy" + }, + "type": "array" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the entity's label.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the radar entity labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "learning": { + "description": "Learning indicates whether the runtime profile associated with the entity is in learning state.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the kubernetes namespace the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "networkCount": { + "description": ".\n", + "type": "integer" + }, + "processesCount": { + "description": ".\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "region": { + "description": "Region is the cloud provider region.\n", + "type": "string" + }, + "resolved": { + "description": "Resolved indicates if the entity has all data resolved or just contains the ID and hash, used to indicate if the console should be updated on entity resolving.\n", + "type": "boolean" + }, + "serviceIP": { + "description": "ServiceIP the ip of the kubernetes service (for kubernetes type).\n", + "type": "string" + }, + "serviceName": { + "description": "ServiceName is kubernetes service the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "servicePorts": { + "description": "ServicePorts are the ports the kubernetes service exposes (for kubernetes type).\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "shouldSkipNetwork": { + "description": "ShouldSkipNetwork indicates whether network monitoring for this container should be skipeed or not.\n", + "type": "boolean" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "type": { + "$ref": "#/components/schemas/shared.EntityType" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.Count": { + "properties": { + "value": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CredentialUsage": { + "description": "CredentialUsage represents a single credential usage", + "properties": { + "description": { + "description": "Resource description (e.g., repository name for registry scan).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cred.UsageType" + } + }, + "type": "object" + }, + "types.DefenderSummary": { + "description": "DefenderSummary is a summary for a type of defender", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "connected": { + "description": "Connected counts how many defenders are connected for this category.\n", + "type": "integer" + }, + "deployed": { + "description": "Deployed counts how many defenders are deployed for this category.\n", + "type": "integer" + }, + "licensed": { + "description": "Licensed counts how many defenders are licensed for this category.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.DefenderUsage": { + "description": "DefenderUsage holds the number of defenders and the credits used for a specific defender type", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.DefendersVersionCount": { + "description": "DefendersVersionCount holds the defenders count per each version", + "properties": { + "count": { + "description": "Defenders count per version.\n", + "type": "integer" + }, + "version": { + "description": "Release version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.DiscoveredVM": { + "description": "DiscoveredVM represents the information about the instance, fetched from the cloud compute interface", + "properties": { + "_id": { + "description": "ID is the instance id. E.g. \"i-5cd23551\".\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "architecture": { + "description": "Architecture is the architecture of the image.\n", + "type": "string" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the instance.\n", + "type": "string" + }, + "awsSubnetID": { + "description": "AWSSubnetID is the ID of the subnet associated with the VM (AWS only).\n", + "type": "string" + }, + "awsVPCID": { + "description": "AWSVPCID is the ID of the VPC associated with the VM (AWS only).\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster name that is associated with the vm.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the host's fully qualified domain name . E.g. \"ip-192-0-2-0.us-east-2.compute.internal\".\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates that the instance has a defender installed on it.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the ID of the AMI used to launch the instance. E.g. \"ami-35501205\".\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the AMI used to launch the instance.\n", + "type": "string" + }, + "name": { + "description": "Name is the instance name.\n", + "type": "string" + }, + "os": { + "description": "OS is the Operating System installed on the instance.\n", + "type": "string" + }, + "osInfo": { + "$ref": "#/components/schemas/common.OSDistroInfo" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region the VM is located at.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.EcsTaskDefinitionOptions": { + "description": "EcsTaskDefinitionOptions holds the ecs deployment options", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "hostCustomComplianceEnabled": { + "description": "HostCustomComplianceEnabled indicates whether host custom compliance checks are enabled.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "taskName": { + "description": "TaskName is the name used for the task definition.\n", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Endpoint": { + "description": "Endpoint represents a Cortex XDR agent", + "properties": { + "active_directory": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alias": { + "description": ".\n", + "type": "string" + }, + "assigned_extensions_policy": { + "description": ".\n", + "type": "string" + }, + "assigned_prevention_policy": { + "description": ".\n", + "type": "string" + }, + "cloud_info": { + "$ref": "#/components/schemas/types.CloudInfo" + }, + "cloud_labels": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloud_provider_account_id": { + "description": ".\n", + "type": "string" + }, + "cloud_security_agent_capable": { + "description": ".\n", + "type": "boolean" + }, + "cloud_security_agent_mode": { + "description": ".\n", + "type": "boolean" + }, + "cluster_name": { + "description": ".\n", + "type": "string" + }, + "content_release_timestamp": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "content_status": { + "description": ".\n", + "type": "string" + }, + "content_version": { + "description": ".\n", + "type": "string" + }, + "domain": { + "description": ".\n", + "type": "string" + }, + "endpoint_id": { + "description": "EndpointID is the Endpoint unique identifier.\n", + "type": "string" + }, + "endpoint_name": { + "description": "EndpointName is the hostname.\n", + "type": "string" + }, + "endpoint_status": { + "description": ".\n", + "type": "string" + }, + "endpoint_type": { + "description": ".\n", + "type": "string" + }, + "endpoint_version": { + "description": ".\n", + "type": "string" + }, + "first_seen": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "group_name": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "install_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "installation_package": { + "description": ".\n", + "type": "string" + }, + "ip": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ipv6": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "is_isolated": { + "description": ".\n", + "type": "string" + }, + "isolated_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_content_update_time": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_seen": { + "description": "LastSeen is the last time the Endpoint was seen connected (UTC epoch milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "mac_address": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "operating_system": { + "description": ".\n", + "type": "string" + }, + "operational_status": { + "description": ".\n", + "type": "string" + }, + "operational_status_description": { + "description": ".\n", + "type": "string" + }, + "operational_status_details": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.OperationalStatusDetail" + }, + "type": "array" + }, + "os_type": { + "description": ".\n", + "type": "string" + }, + "os_version": { + "description": ".\n", + "type": "string" + }, + "public_ip": { + "description": ".\n", + "type": "string" + }, + "scan_status": { + "description": ".\n", + "type": "string" + }, + "tags": { + "$ref": "#/components/schemas/types.Tags" + }, + "token_hash": { + "description": ".\n", + "type": "string" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.EventStats": { + "description": "EventStats holds counters for all event types", + "properties": { + "admissionAudits": { + "description": ".\n", + "type": "integer" + }, + "agentlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerSecurityEvents": { + "description": "Cloud Security Agent event stats.\n", + "type": "integer" + }, + "dockerAccess": { + "description": ".\n", + "type": "integer" + }, + "fileIntegrity": { + "description": ".\n", + "type": "integer" + }, + "hostActivities": { + "description": ".\n", + "type": "integer" + }, + "hostAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostRuntime": { + "description": ".\n", + "type": "integer" + }, + "hostSecurityEvents": { + "description": ".\n", + "type": "integer" + }, + "kubernetesAudits": { + "description": ".\n", + "type": "integer" + }, + "logInspection": { + "description": ".\n", + "type": "integer" + }, + "serverlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "serverlessRuntime": { + "description": ".\n", + "type": "integer" + }, + "trustAudits": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Group": { + "description": "Group represents a console group", + "properties": { + "_id": { + "description": "Group name.\n", + "type": "string" + }, + "groupId": { + "description": "Group identifier in the Azure SAML identification process.\n", + "type": "string" + }, + "groupName": { + "description": "Group name.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime when the group was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "ldapGroup": { + "description": "Indicates if the group is an LDAP group (true) or not (false).\n", + "type": "boolean" + }, + "oauthGroup": { + "description": "Indicates if the group is an OAuth group (true) or not (false).\n", + "type": "boolean" + }, + "oidcGroup": { + "description": "Indicates if the group is an OpenID Connect group (true) or not (false).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or modified the group.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "Role of the group.\n", + "type": "string" + }, + "samlGroup": { + "description": "Indicates if the group is a SAML group (true) or not (false).\n", + "type": "boolean" + }, + "user": { + "description": "Users in the group.\n", + "items": { + "$ref": "#/components/schemas/shared.User" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Groups": { + "description": "Groups represents a list of groups", + "items": { + "$ref": "#/components/schemas/types.Group" + }, + "type": "array" + }, + "types.HPKPSettings": { + "description": "HPKPSettings represents the public key pinning settings", + "properties": { + "certs": { + "description": "Certs are the public certs used for fingerprinting.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "fingerprints": { + "description": "SHA256 fingerprints of the certificates.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostAssetInfo": { + "properties": { + "accountID": { + "description": ".\n", + "type": "string" + }, + "cluster": { + "description": ".\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "docker": { + "description": ".\n", + "type": "string" + }, + "kubernetes": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "resourceName": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + }, + "vmImage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.HostAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeploySpecStatus": { + "description": "HostAutoDeploySpecStatus contains the discovery and deployment status for a particular host auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended VMs.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of discovered unprodected VMs.\n", + "type": "integer" + }, + "error": { + "description": "Error is an error logged during the the auto-deploy scan (if occurred).\n", + "type": "string" + }, + "errors": { + "description": "Errors are the errors occurred in the command invocations.\n", + "items": { + "$ref": "#/components/schemas/deployment.CommandError" + }, + "type": "array" + }, + "failed": { + "description": "Failed is the number of instances where deployment failed.\n", + "type": "integer" + }, + "missingPermissions": { + "description": "MissingPermissions is the number of instances in regions that the credential don't have permissions to them.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + }, + "skipped": { + "description": "Skipped is the number of instances that the deployment was skipped for due to having a running Docker engine or being a worker node in a k8s cluster.\n", + "type": "integer" + }, + "unmatched": { + "description": "Unmatched is the number of discovered instances for which the scope does not apply.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of instances with missing prerequisites.\n", + "type": "integer" + }, + "windows": { + "description": "Windows is the number of windows instances discovered.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeployStatus": { + "description": "HostAutoDeployStatus is the status of the deployment tasks per spec during the host auto-deploy action", + "properties": { + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "status": { + "description": "Status contains the deploy status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.HostAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarData": { + "description": "HostRadarData represent all data relevant to the network radar", + "properties": { + "hostCount": { + "description": "HostCount is the total number of hosts.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.HostRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarEntity": { + "description": "HostRadarEntity is the extended host radar entity (include presentation metadata)", + "properties": { + "OSDistro": { + "description": "OSDistro is the OS distro name (e.g., ubuntu).\n", + "type": "string" + }, + "_id": { + "description": "ID is the host name.\n", + "type": "string" + }, + "activitiesCount": { + "description": "ActivitiesCount is the number of activities detected in the host.\n", + "type": "integer" + }, + "agentless": { + "description": "Agentless indicates whether this host was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the cluster the host is deployed on.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "fileIntegrityCount": { + "description": "FileIntegrityCount is the number of file integrity events detected in the host.\n", + "type": "integer" + }, + "filesystemCount": { + "description": "FilesystemCount is number of filesystem events triggered by the entity.\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents triggered by the entity.\n", + "type": "integer" + }, + "incoming": { + "description": "Incoming are the incoming connections from the host.\n", + "items": { + "$ref": "#/components/schemas/shared.HostRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "listeningPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "logInspectionCount": { + "description": "LogInspectionCount is the number of log inspection events detected in the host.\n", + "type": "integer" + }, + "networkCount": { + "description": "NetworkCount is number of network events triggered by the entity.\n", + "type": "integer" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "processesCount": { + "description": "ProcessesCount is the number of processes events triggered by the entity.\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.ImageAssetInfo": { + "properties": { + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "digest": { + "description": ".\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repository": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImageAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "stages": { + "$ref": "#/components/schemas/types.Stages" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ImageScanOptions": { + "description": "ImageScanOptions holds the options for image scanning", + "properties": { + "hostname": { + "description": "Hostname is the optional host name to scan.\n", + "type": "string" + }, + "imageTag": { + "$ref": "#/components/schemas/shared.ImageTag" + } + }, + "type": "object" + }, + "types.ImpactedContainer": { + "description": "ImpactedContainer contains details of a running container with an impacted image", + "properties": { + "container": { + "description": ".\n", + "type": "string" + }, + "factors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "namespace": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedOutOfBandEntity": { + "description": "ImpactedOutOfBandEntity holds the info of an impacted out of band entity", + "properties": { + "containerName": { + "description": "ContainerName is the name of the container or empty for host.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the name of the host that was scanned or host on which the container is deployed.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name of the container or empty for host.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedPackage": { + "description": "ImpactedPackage holds the vulnerability details for a package", + "properties": { + "cvss": { + "description": "CVSS is the vulnerability cvss score for this package.\n", + "format": "float", + "type": "number" + }, + "package": { + "description": "Package is the impacted package name and version.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the vulnerability severity for this package.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedResourceDetails": { + "description": "ImpactedResourceDetails holds the vulnerability details for a specific impacted resource", + "properties": { + "containers": { + "description": "Containers are the running containers of this image found in the environment.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedContainer" + }, + "type": "array" + }, + "functionDetails": { + "description": "FunctionDetails is a formatted string holding function details.\n", + "type": "string" + }, + "packages": { + "description": "Packages holds vulnerability details per impacted package found in this resource.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedPackage" + }, + "type": "array" + }, + "resourceID": { + "description": "ResourceID is a resource identifier (e.g. image ID, hostname).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.IntelligenceStatus": { + "description": "IntelligenceStatus stores the status on the intelligence service", + "properties": { + "connected": { + "description": ".\n", + "type": "boolean" + }, + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.IssueType": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + }, + "types.LatestVersion": { + "description": "LatestVersion represents the latest remote product version", + "properties": { + "latestVersion": { + "description": "LatestVersion is the latest official product version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LicenseStats": { + "description": "LicenseStats holds the console license stats", + "properties": { + "avg": { + "description": "Avg is the average number of credits.\n", + "format": "double", + "type": "number" + }, + "containerDefenders": { + "description": "ContainerDefenders is the total number of container defenders.\n", + "type": "integer" + }, + "dailySamplesDefenders": { + "description": "DailySamplesDefenders holds the last 30 daily credits averages.\n", + "items": { + "$ref": "#/components/schemas/float64" + }, + "type": "array" + }, + "exceeded": { + "description": "Exceeded indicates the number of credits exceeded license.\n", + "type": "boolean" + }, + "hostDefenders": { + "description": "HostDefenders is the total number of host defenders.\n", + "type": "integer" + }, + "hourAvg": { + "description": "HourAvg is the average number of credits per hour.\n", + "format": "double", + "type": "number" + }, + "hourSamples": { + "description": "HourSamples is the number of hourly samples collected.\n", + "format": "double", + "type": "number" + }, + "monthlyUsage": { + "description": "MonthlyUsage holds the last 24 monthly usage averages.\n", + "items": { + "$ref": "#/components/schemas/types.AllDefendersUsage" + }, + "type": "array" + }, + "msg": { + "description": "Msg is the license exceeded error/warning message to show.\n", + "type": "string" + }, + "onDemandCredits": { + "description": "OnDemandCredits is the number of on demand credits used during the current contract.\n", + "type": "integer" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + }, + "serverlessTimestamp": { + "description": "ServerlessTimestamp is the timestamp for the last serverless credit calculation.\n", + "format": "date-time", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the last collection timestamp.\n", + "format": "date-time", + "type": "string" + }, + "totalCreditUsage": { + "description": "TotalCreditUsage is the total amount of credits used from the beginning of the current contract.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.LogUploadResponse": { + "description": "LogUploadResponse returns the result of uploading a file to the intelligence", + "properties": { + "remotePath": { + "description": "Path returned by the intelligence.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LogonSettings": { + "description": "LogonSettings are settings associated with the login properties", + "properties": { + "basicAuthDisabled": { + "description": "Indicates whether the user can use basic auth.\n", + "type": "boolean" + }, + "includeTLS": { + "description": "IncludeTLS indicates that TLS checks should be included in copy links.\n", + "type": "boolean" + }, + "sessionTimeoutSec": { + "description": "SessionTimeoutSec defines the session timeout in seconds.\n", + "format": "int64", + "type": "integer" + }, + "strongPassword": { + "description": "StrongPassword indicates whether strong password enforcement is applied.\n", + "type": "boolean" + }, + "useSupportCredentials": { + "description": "UseSupportCredentials indicates whether to include credentials in the URL.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.MgmtAuditFilters": { + "description": "MgmtAuditFilters are filters for management audit queries", + "properties": { + "type": { + "description": "Type is the management audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "username": { + "description": "Usernames is a filter for specific users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.NetworkFirewallStats": { + "description": "NetworkFirewallStats stores the total amount of network firewall audits", + "properties": { + "alerted": { + "description": ".\n", + "type": "integer" + }, + "blocked": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.OperationalStatusDetail": { + "properties": { + "reason": { + "description": ".\n", + "type": "string" + }, + "title": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProfileStateUpdate": { + "description": "ProfileStateUpdate is the request for updating profile state", + "properties": { + "profileID": { + "description": "ID is the profile ID to relearn.\n", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "types.Project": { + "description": "Project represent the project details", + "properties": { + "_id": { + "description": "ID is the project name (primary index).\n", + "type": "string" + }, + "address": { + "description": "Address is the project address.\n", + "type": "string" + }, + "ca": { + "description": "CACertificate is the remote console CA certificate.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "creationTime": { + "description": "CreationTime is the remote project creation time.\n", + "format": "date-time", + "type": "string" + }, + "err": { + "description": "Err are errors that happened during project synchronization / setup.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipCertificateVerification": { + "description": "SkipCertificateVerification indicates that the connection to the secondary project is done on insecure channel, this is used when secondary\nproject is behind a proxy or when customer is using custom certs.\n", + "type": "boolean" + }, + "username": { + "description": "Username is the remote project username.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProjectCredentials": { + "description": "ProjectCredentials are the supervisor project credentials", + "properties": { + "password": { + "description": "Password is the password used for the deleted project access.\n", + "type": "string" + }, + "user": { + "description": "User is the user used for the deleted project access.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RegistryWebhookRequest": { + "description": "RegistryWebhookRequest is a registry scanning webhook request.\nSchema supports multiple webhook providers:\nhttps://docs.docker.com/docker-hub/webhooks/\nhttps://docs.docker.com/registry/notifications/", + "properties": { + "action": { + "description": "Action is the webhook action.\n", + "type": "string" + }, + "artifactory": { + "$ref": "#/components/schemas/types.ArtifactoryWebhookRequest" + }, + "domain": { + "description": "Domain indicates the artifactory webhook domain (e.g., artifact, docker, build, etc). Used to avoid filter docker events.\n", + "type": "string" + }, + "event_type": { + "description": "EventType is the artifactory webhook action performed (e.g., push).\n", + "type": "string" + }, + "type": { + "description": "Type is the event type (Harbor registry).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImage": { + "properties": { + "name": { + "description": ".\n", + "type": "string" + }, + "scanStatus": { + "description": ".\n", + "type": "boolean" + }, + "uaiID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImages": { + "properties": { + "build": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "deploy": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "run": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ResourceVulnerabilityStats": { + "description": "ResourceVulnerabilityStats holds vulnerability stats of a single resource type", + "properties": { + "count": { + "description": "Count is the total number of vulnerabilities.\n", + "type": "integer" + }, + "cves": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "impacted": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilities": { + "description": "All resource vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/types.VulnerabilityInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.RiskScoreFactors": { + "description": "RiskScoreFactors holds factors used to calculate risk score", + "properties": { + "envVarSecrets": { + "description": "EnvVarSecrets indicates whether a container has access to secrets via environment variables.\n", + "type": "boolean" + }, + "hostAccess": { + "description": "HostAccess indicates whether a container has access to the host network or namespace.\n", + "type": "boolean" + }, + "internet": { + "description": "Internet indicates whether a container has internet access.\n", + "type": "boolean" + }, + "network": { + "description": "Network indicates whether a container is listening to ports.\n", + "type": "boolean" + }, + "noSecurityProfile": { + "description": "NoSecurityProfile indicates whether a container has security profile issue.\n", + "type": "boolean" + }, + "privilegedContainer": { + "description": "PrivilegedContainer indicates whether a container runs using the --privileged flag.\n", + "type": "boolean" + }, + "rootMount": { + "description": "RootMount indicates whether a container has access to the host file system using a root mount.\n", + "type": "boolean" + }, + "rootPrivilege": { + "description": "RootPrivilege indicates whether a container runs as root.\n", + "type": "boolean" + }, + "runtimeSocket": { + "description": "RuntimeSocket indicates whether a container has the runtime socket mounted.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.RuleComplianceStats": { + "description": "RuleComplianceStats holds data regarding applied compliance rule", + "properties": { + "failed": { + "description": "Failed is the count of the rule compliance IDs in resources.\n", + "type": "integer" + }, + "name": { + "description": "Name is the name of the applied rule.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "total": { + "description": "Total is the count of evaluations done by rule.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.RuntimeStats": { + "description": "RuntimeStats are stats for runtime flows (sum of audits per flow)", + "properties": { + "filesystem": { + "description": ".\n", + "type": "integer" + }, + "kubernetes": { + "description": ".\n", + "type": "integer" + }, + "network": { + "description": ".\n", + "type": "integer" + }, + "processes": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.SecretsStatus": { + "description": "SecretsStatus holds the update status for the secrets", + "properties": { + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorConfiguration": { + "description": "SecurityAdvisorConfiguration is the security configuration associated with security advisor", + "properties": { + "accountID": { + "description": "AccountID is the customer account ID.\n", + "type": "string" + }, + "apikey": { + "description": "APIKey is the security advisor secret.\n", + "type": "string" + }, + "findingsURL": { + "description": "FindingsURL is the url to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the id assigned to Twistlock.\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which token should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorDashboardResp": { + "description": "SecurityAdvisorDashboardResp is the response to security advisor dashboard", + "properties": { + "url": { + "description": "URL is the console URL link.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorNotes": { + "description": "SecurityAdvisorNotes security advisor the security advisor finding metadata", + "properties": { + "changedSince": { + "description": "ChangedSince is the last time entries were modified.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeploySpecStatus": { + "description": "ServerlessAutoDeploySpecStatus contains status for a particular serverless auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended functions.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of functions to protect.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeployStatus": { + "description": "ServerlessAutoDeployStatus is the status of the serverless auto-deploy scan", + "properties": { + "errors": { + "description": "Errors is the collection of errors for the auto-deploy scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "specs": { + "description": "Specs contains the status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.ServerlessAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessRadarStatus": { + "description": "ServerlessRadarStatus holds the status for serverless radar scans", + "properties": { + "err": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessUsage": { + "description": "ServerlessUsage holds the number of defenders, invocations and credits used for serverless defenders", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.Settings": { + "description": "Settings are the global system settings", + "properties": { + "WAASLogScrubbingSpecs": { + "$ref": "#/components/schemas/waas.SensitiveDataSpecs" + }, + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "alerts": { + "$ref": "#/components/schemas/api.AlertSettings" + }, + "certSettings": { + "$ref": "#/components/schemas/types.CertSettings" + }, + "certificatePeriodDays": { + "description": "ClientCertificatePeriodDays is the certificates period in days of client certificates.\n", + "type": "integer" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "clusteredDB": { + "$ref": "#/components/schemas/clustereddb.Settings" + }, + "communicationPort": { + "description": "MgmtPortHTTP is the Console HTTP port.\n", + "type": "integer" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "consoleNames": { + "description": "ConsoleNames is a list of names to use when generating the console SAN certificate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialsCountLimit": { + "description": "CredentialsCountLimit is the maximum amount of allowed credentials.\n", + "type": "integer" + }, + "csaAPairingSettings": { + "$ref": "#/components/schemas/types.CSAPairingSettings" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "customLabels": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + }, + "defenderSettings": { + "$ref": "#/components/schemas/defender.Settings" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "fipsEnabled": { + "description": "FIPSEnabled indicates whether FIPS-compliant cryptography is enforced.\n", + "type": "boolean" + }, + "forensic": { + "$ref": "#/components/schemas/shared.ForensicSettings" + }, + "hasAdmin": { + "description": "HasAdmin indicates whether the admin account is initialized.\n", + "type": "boolean" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecifications" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + }, + "identitySettings": { + "$ref": "#/components/schemas/identity.Settings" + }, + "ldapEnabled": { + "description": "LdapEnabled indicates whether ldap is enabled.\n", + "type": "boolean" + }, + "licenseKey": { + "description": "LicenseKey is the license key.\n", + "type": "string" + }, + "logging": { + "$ref": "#/components/schemas/shared.LoggingSettings" + }, + "logon": { + "$ref": "#/components/schemas/types.LogonSettings" + }, + "oauthEnabled": { + "description": "OauthEnabled indicates whether Oauth is enabled.\n", + "type": "boolean" + }, + "oidcEnabled": { + "description": "OidcEnabled indicates whether OpenID connect is enabled.\n", + "type": "boolean" + }, + "projects": { + "$ref": "#/components/schemas/api.ProjectSettings" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "registry": { + "$ref": "#/components/schemas/shared.RegistrySettings" + }, + "runtimeSecretScrubbingSettings": { + "$ref": "#/components/schemas/shared.RuntimeSecretScrubbingSettings" + }, + "samlEnabled": { + "description": "SamlEnabled indicates whether saml is enabled.\n", + "type": "boolean" + }, + "scan": { + "$ref": "#/components/schemas/shared.ScanSettings" + }, + "secretsStores": { + "$ref": "#/components/schemas/shared.SecretsStores" + }, + "securedConsolePort": { + "description": "MgmtPortHTTPS is the Console HTTPS port.\n", + "type": "integer" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecifications" + }, + "tasDroplets": { + "description": "TASDropletsSpecification is the TAS droplets scanning settings.\n", + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "telemetry": { + "$ref": "#/components/schemas/types.TelemetrySettings" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "trustedCerts": { + "description": "TrustedCerts is the list of trusted cert to allow in docker access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "trustedCertsEnabled": { + "description": "TrustedCertsEnabled indicates whether to enable the trusted certificate feature.\n", + "type": "boolean" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "version": { + "description": "Version is the current console version.\n", + "type": "string" + }, + "vms": { + "$ref": "#/components/schemas/shared.VMSpecifications" + }, + "webAppsDiscoverySettings": { + "$ref": "#/components/schemas/waas.WebAppsDiscoverySettings" + }, + "wildFireSettings": { + "$ref": "#/components/schemas/shared.WildFireSettings" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Stages": { + "properties": { + "build": { + "description": "Build is the count of CI scan.\n", + "type": "integer" + }, + "deploy": { + "description": "Deploy is the count of registry Images.\n", + "type": "integer" + }, + "run": { + "description": "Run is the count of deployed Images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Stats": { + "description": "Stats represents the status model that is stored in the DB", + "properties": { + "AgentlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "_id": { + "description": "ID is the metric type.\n", + "type": "string" + }, + "access": { + "$ref": "#/components/schemas/types.AccessStats" + }, + "appEmbeddedAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "container": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "containerAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "host": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "hostAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "hostComplianceCount": { + "description": "HostComplianceCount is the host compliance count.\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "incidentsCount": { + "description": "IncidentsCount is the incidents count.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "serverlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "time": { + "description": "UnixTimestamp is the unix timestamp.\n", + "format": "int64", + "type": "integer" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/types.VulnerabilitiesStats" + } + }, + "type": "object" + }, + "types.Status": { + "description": "Status stores the status of a specific defender or for global features such as intelligence or LDAP", + "properties": { + "_id": { + "description": "ID is the defender identifier if the status is per defender or the type for global statuses.\n", + "type": "string" + }, + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/types.HostAutoDeployStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "intelligence": { + "$ref": "#/components/schemas/types.IntelligenceStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "secrets": { + "$ref": "#/components/schemas/types.SecretsStatus" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/types.ServerlessAutoDeployStatus" + }, + "serverlessRadar": { + "$ref": "#/components/schemas/types.ServerlessRadarStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "type": { + "$ref": "#/components/schemas/types.StatusType" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "types.StatusType": { + "description": "StatusType holds the status of a given flow (defender/intelligence/etc...)\nTODO: Use type in shared.Status object", + "enum": [ + [ + "intelligence", + "secrets", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy" + ] + ], + "type": "string" + }, + "types.Suggestions": { + "properties": { + "suggestions": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Tags": { + "properties": { + "endpoint_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "server_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.TelemetrySettings": { + "description": "TelemetrySettings is the telemetry settings", + "properties": { + "enabled": { + "description": "Enabled determines whether the telemetry settings are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Trends": { + "description": "Trends contains data on global trends in the system", + "properties": { + "complianceTrend": { + "description": "ComplianceTrend represents the compliance trend.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "defendersSummary": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "DefendersSummary represents the defenders count of each category.\n", + "type": "object" + }, + "vulnerabilitySummary": { + "$ref": "#/components/schemas/types.VulnerabilitySummary" + } + }, + "type": "object" + }, + "types.UserCollection": { + "description": "UserCollection holds general collection properties that are accessible to all users", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "name": { + "description": "Unique name associated with this collection.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPassword": { + "description": "UserPassword represents a new user password", + "properties": { + "newPassword": { + "description": "New password to assign to the user who is invoking the API.\n", + "type": "string" + }, + "oldPassword": { + "description": "User's existing password to replace.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPreferences": { + "description": "UserPreferences are the user global project reference that are persistent between versions", + "properties": { + "_id": { + "description": "User is the user name.\n", + "type": "string" + }, + "hideGuidedTour": { + "description": "HideGuidedTour indicates that guided tour should be hidden.\n", + "type": "boolean" + }, + "hideProjectDialog": { + "description": "HideProjectsDialog indicates the initial project selection dialog should be hidden.\n", + "type": "boolean" + }, + "waasRulesNotificationDismissed": { + "description": "WaasRulesNotificationDismiss indicates the time the user dismissed the waas added rules top bar.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "types.UserProject": { + "description": "UserProject holds general project properties that are accessible to all users", + "properties": { + "_id": { + "description": "ID is the project id.\n", + "type": "string" + }, + "address": { + "description": "Address is project address.\n", + "type": "string" + }, + "connected": { + "description": "Connected indicates if the project is currently disconnected due to an error.\n", + "type": "boolean" + }, + "creationTime": { + "description": "CreationTime is the project creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnImpactedResources": { + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability", + "properties": { + "_id": { + "description": "ID is the CVE ID (index for the impacted resources).\n", + "type": "string" + }, + "functions": { + "description": "Functions is a map between function id to its details.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "functionsCount": { + "description": "FunctionsCount is the total impacted functions count.\n", + "type": "integer" + }, + "hosts": { + "description": "Hosts is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "hostsCount": { + "description": "HostsCount is the total impacted hosts count.\n", + "type": "integer" + }, + "images": { + "description": "Images is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "imagesCount": { + "description": "ImagesCount is the total impacted images count.\n", + "type": "integer" + }, + "registryImages": { + "description": "RegistryImages is a list of impacted registry images.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "registryImagesCount": { + "description": "RegistryImagesCount is the total impacted registry images count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnSummary": { + "properties": { + "highestCVSSScore": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "vulnFunnel": { + "$ref": "#/components/schemas/vuln.Funnel" + } + }, + "type": "object" + }, + "types.VulnerabilitiesStats": { + "description": "VulnerabilitiesStats are measures the total number of vulnerabilities in a specific images", + "properties": { + "containerCompliance": { + "description": "ContainerCompliance is the sum of all compliance issues for all running containers.\n", + "type": "integer" + }, + "imageCompliance": { + "description": "ImageCompliance is the sum of all compliance issues of all running images.\n", + "type": "integer" + }, + "imageCve": { + "description": "ImageCVE is the sum of cve vulnerabilities of all running images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilityInfo": { + "description": "VulnerabilityInfo holds information about vulnerability used for VulnerabilityExplorer", + "properties": { + "cve": { + "description": "CVE ID.\n", + "type": "string" + }, + "description": { + "description": "Vulnerability description.\n", + "type": "string" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "highestCVSS": { + "description": "HighestCVSS is the highest CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "highestRiskFactors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "highestSeverity": { + "description": "HighestSeverity is the highest severity of the vulnerability.\n", + "type": "string" + }, + "impactedPkgs": { + "description": "Packages impacted by the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "impactedResourceType": { + "$ref": "#/components/schemas/vuln.ResourceType" + }, + "impactedResourcesCnt": { + "description": "Number of resources impacted by this vulnerability.\n", + "type": "integer" + }, + "link": { + "description": "Link to CVE.\n", + "type": "string" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "Risk score.\n", + "format": "float", + "type": "number" + }, + "status": { + "description": "CVE status.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnerabilityStats": { + "description": "VulnerabilityStats holds statistics about vulnerabilities issues", + "properties": { + "_id": { + "description": "ID of the vulnerability stats.\n", + "type": "string" + }, + "containers": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "functions": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "hosts": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "images": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "modified": { + "description": "Date/time when the entity was modified.\n", + "format": "date-time", + "type": "string" + }, + "registryImages": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + } + }, + "type": "object" + }, + "types.VulnerabilitySummary": { + "description": "VulnerabilitySummary represents the stats of each impacted entity", + "properties": { + "containers": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "functions": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "hosts": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "images": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "registryImages": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "types.XSOARAlerts": { + "description": "XSOARAlerts is a list of XSOAR alerts", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uint": { + "type": "integer" + }, + "uint32": { + "type": "integer" + }, + "uint64": { + "type": "integer" + }, + "uint8": { + "type": "integer" + }, + "vuln.AllCompliance": { + "description": "AllCompliance contains data regarding passed compliance checks", + "properties": { + "compliance": { + "description": "Compliance are all the passed compliance checks.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether passed compliance checks is enabled by policy.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Application": { + "description": "Application represents a detected application", + "properties": { + "installedFromPackage": { + "description": "Indicates that the app was installed as an OS package.\n", + "type": "boolean" + }, + "knownVulnerabilities": { + "description": "Total number of vulnerabilities for this application.\n", + "type": "integer" + }, + "layerTime": { + "description": "Image layer to which the application belongs - layer creation time.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the application.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the app origin package.\n", + "type": "string" + }, + "path": { + "description": "Path of the detected application.\n", + "type": "string" + }, + "service": { + "description": "Service indicates whether the application is installed as a service.\n", + "type": "boolean" + }, + "version": { + "description": "Version of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.ComplianceCategory": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + }, + "vuln.ComplianceTemplate": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + }, + "vuln.Condition": { + "description": "Condition are extended options for vulnerability assessment in authorization flows", + "properties": { + "block": { + "description": "Specifies the effect. If true, the effect is block.\n", + "type": "boolean" + }, + "id": { + "description": "Vulnerability ID.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.CustomVulnerabilities": { + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability", + "properties": { + "_id": { + "description": "ID is the custom vulnerabilities feed ID.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the internal custom vulnerabilities feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of custom vulnerabilities rules.\n", + "items": { + "$ref": "#/components/schemas/vuln.CustomVulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "vuln.CustomVulnerability": { + "description": "CustomVulnerability is a user customized vulnerability", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "maxVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "minVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "vuln.Distribution": { + "description": "Distribution counts the number of vulnerabilities per type", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Effect": { + "description": "Effect specifies relevant action for a vulnerability", + "enum": [ + [ + "ignore", + "alert", + "block" + ] + ], + "type": "string" + }, + "vuln.ExpirationDate": { + "description": "ExpirationDate is the vulnerability expiration date", + "properties": { + "date": { + "description": "Date is the vulnerability expiration date.\n", + "format": "date-time", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates that the grace period is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Funnel": { + "description": "Funnel is the vulnerability funnel", + "properties": { + "exploitable": { + "description": ".\n", + "type": "integer" + }, + "packageInUse": { + "description": ".\n", + "type": "integer" + }, + "patchable": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "urgent": { + "description": "Urgent is the number of critical and high CVEs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.ResourceType": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + }, + "vuln.Secret": { + "description": "Secret represents a secret found on the scanned workload", + "properties": { + "locationInFile": { + "description": "LocationInFile is the line and offset in the file where the secret was found.\n", + "type": "string" + }, + "modifiedTime": { + "description": "ModifiedTime is the modification time of the file containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "Path is the path of the file in which the secret was found.\n", + "type": "string" + }, + "secretID": { + "description": "SecretID is the SHA1 of the secret content.\n", + "type": "string" + }, + "snippet": { + "description": "Snippet is the partial plain secret.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.SecretType" + } + }, + "type": "object" + }, + "vuln.SecretType": { + "description": "SecretType represents a secret type", + "enum": [ + [ + "AWS Access Key ID", + "AWS Secret Key", + "AWS MWS Auth Token", + "Azure Storage Account Access Key", + "Azure Service Principal", + "GCP Service Account Auth Key", + "Private Encryption Key", + "Public Encryption Key", + "PEM X509 Certificate Header", + "SSH Authorized Keys", + "Artifactory API Token", + "Artifactory Password", + "Basic Auth Credentials", + "Mailchimp Access Key", + "NPM Token", + "Slack Token", + "Slack Webhook", + "Square OAuth Secret", + "Notion Integration Token", + "Airtable API Key", + "Atlassian Oauth2 Keys", + "CircleCI Personal Token", + "Databricks Authentication Token", + "GitHub Token", + "GitLab Token", + "Google API key", + "Grafana Token", + "Python Package Index Key (PYPI)", + "Typeform API Token", + "Scalr Token", + "Braintree Access Token", + "Braintree Payments Key", + "Paypal Token Key", + "Braintree Payments ID", + "Datadog Client Token", + "ClickUp Personal API Token", + "OpenAI API Key", + "Java DB Connectivity (JDBC)", + "MongoDB", + ".Net SQL Server" + ] + ], + "type": "string" + }, + "vuln.TagInfo": { + "description": "TagInfo is the tag info in a specific vulnerability context", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "comment": { + "description": "Tag comment in a specific vulnerability context.\n", + "type": "string" + }, + "name": { + "description": "Name of the tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.TagType": { + "description": "TagType specifies the resource type for tagging where the vulnerability is found. Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found", + "enum": [ + [ + "image", + "host", + "function", + "" + ] + ], + "type": "string" + }, + "vuln.Vulnerability": { + "description": "Vulnerability is a general schema for vulnerabilities (e.g., for compliance or packages)", + "properties": { + "applicableRules": { + "description": "Rules applied on the package.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary package names (packages which are built from the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "block": { + "description": "Indicates if the vulnerability has a block effect (true) or not (false).\n", + "type": "boolean" + }, + "cause": { + "description": "Additional information regarding the root cause for the vulnerability.\n", + "type": "string" + }, + "cri": { + "description": "Indicates if this is a CRI-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "custom": { + "description": "Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).\n", + "type": "boolean" + }, + "cve": { + "description": "CVE ID of the vulnerability (if applied).\n", + "type": "string" + }, + "cvss": { + "description": "CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description of the vulnerability.\n", + "type": "string" + }, + "discovered": { + "description": "Specifies the time of discovery for the vulnerability.\n", + "format": "date-time", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "Date/time when the vulnerability was fixed (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "fixLink": { + "description": "Link to the vendor's fixed-version information.\n", + "type": "string" + }, + "functionLayer": { + "description": "Specifies the serverless layer ID in which the vulnerability was discovered.\n", + "type": "string" + }, + "gracePeriodDays": { + "description": "Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.\n", + "type": "integer" + }, + "id": { + "description": "ID of the violation.\n", + "type": "integer" + }, + "layerTime": { + "description": "Date/time of the image layer to which the CVE belongs.\n", + "format": "int64", + "type": "integer" + }, + "link": { + "description": "Vendor link to the CVE.\n", + "type": "string" + }, + "packageName": { + "description": "Name of the package that caused the vulnerability.\n", + "type": "string" + }, + "packageType": { + "$ref": "#/components/schemas/packages.Type" + }, + "packageVersion": { + "description": "Version of the package that caused the vulnerability (or null).\n", + "type": "string" + }, + "published": { + "description": "Date/time when the vulnerability was published (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "secret": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "severity": { + "description": "Textual representation of the vulnerability's severity.\n", + "type": "string" + }, + "status": { + "description": "Vendor status for the vulnerability.\n", + "type": "string" + }, + "templates": { + "description": "List of templates with which the vulnerability is associated.\n", + "items": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "type": "array" + }, + "text": { + "description": "Description of the violation.\n", + "type": "string" + }, + "title": { + "description": "Compliance title.\n", + "type": "string" + }, + "twistlock": { + "description": "Indicates if this is a Twistlock-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + }, + "vecStr": { + "description": "Textual representation of the metric values used to score the vulnerability.\n", + "type": "string" + }, + "vulnTagInfos": { + "description": "Tag information for the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/vuln.TagInfo" + }, + "type": "array" + }, + "wildfireMalware": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + } + }, + "type": "object" + }, + "vuln.WildFireMalware": { + "description": "WildFireMalware holds the data for WildFire malicious MD5", + "properties": { + "md5": { + "description": "MD5 is the hash of the malicious binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to malicious binary.\n", + "type": "string" + }, + "verdict": { + "description": "Verdict is the malicious source like grayware, malware and phishing.\n", + "type": "string" + } + }, + "type": "object" + }, + "vulnerability.CPUArch": { + "description": "CPUArch represents the CPU architecture", + "type": "integer" + }, + "vulnerability.CPUArchs": { + "description": "CPUArchs represents list of cpu architectures", + "items": { + "$ref": "#/components/schemas/vulnerability.CPUArch" + }, + "type": "array" + }, + "vulnerability.CVEType": { + "description": "CVEType represents the type of a CVE", + "enum": [ + [ + "python", + "gem", + "nodejs", + "jar", + "package", + "product", + "app", + "go", + "nuget", + "osConditions" + ] + ], + "type": "string" + }, + "vulnerability.Conditions": { + "description": "Conditions represents a list of CVE rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "type": "array" + }, + "vulnerability.CpeIDs": { + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.ExploitData": { + "description": "ExploitData holds information about an exploit", + "properties": { + "kind": { + "$ref": "#/components/schemas/vulnerability.ExploitKind" + }, + "link": { + "description": "Link is a link to information about the exploit.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + } + }, + "type": "object" + }, + "vulnerability.ExploitKind": { + "description": "ExploitKind represents the kind of the exploit", + "enum": [ + [ + "poc", + "in-the-wild" + ] + ], + "type": "string" + }, + "vulnerability.ExploitType": { + "description": "ExploitType represents the source of an exploit", + "enum": [ + [ + "", + "exploit-db", + "exploit-windows", + "cisa-kev" + ] + ], + "type": "string" + }, + "vulnerability.Exploits": { + "description": "Exploits represents the exploits data found for a CVE", + "items": { + "$ref": "#/components/schemas/vulnerability.ExploitData" + }, + "type": "array" + }, + "vulnerability.RHELCpeHashes": { + "description": "RHELCpeHashes represent the CPE hashes associated with a given Red Hat repository", + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.RiskFactor": { + "description": "RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score", + "enum": [ + [ + "Critical severity", + "High severity", + "Medium severity", + "Has fix", + "Remote execution", + "DoS - Low", + "DoS - High", + "Recent vulnerability", + "Exploit exists - in the wild", + "Exploit exists - POC", + "Attack complexity: low", + "Attack vector: network", + "Reachable from the internet", + "Listening ports", + "Container is running as root", + "No mandatory security profile applied", + "Running as privileged container", + "Package in use", + "Sensitive information", + "Root mount", + "Runtime socket", + "Host access" + ] + ], + "type": "string" + }, + "vulnerability.RiskFactors": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RiskFactors maps the existence of vulnerability risk factors", + "type": "object" + }, + "vulnerability.Rules": { + "description": "Rules represents a list of CVE assessment rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Symbols": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Type": { + "description": "Type represents the vulnerability type", + "enum": [ + [ + "container", + "image", + "host_config", + "daemon_config", + "daemon_config_files", + "security_operations", + "k8s_master", + "k8s_worker", + "k8s_federation", + "linux", + "windows", + "istio", + "serverless", + "custom", + "docker_stig", + "openshift_master", + "openshift_worker", + "application_control_linux", + "gke_worker", + "image_malware", + "host_malware", + "aks_worker", + "eks_worker", + "image_secret", + "host_secret" + ] + ], + "type": "string" + }, + "waas.APIChangeDetails": { + "description": "APIChangeDetails contains the details of the API change", + "properties": { + "changeType": { + "$ref": "#/components/schemas/waas.APIChangesType" + }, + "date": { + "description": "Date is the change date.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value the value of the change - if applicable.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangesType": { + "description": "APIChangesType is used to represent the supported API changes types", + "type": "integer" + }, + "waas.APIProtectionStatus": { + "enum": [ + [ + "unprotected", + "monitored", + "protected" + ] + ], + "type": "string" + }, + "waas.APIRequest": { + "description": "APIRequest represents a single API request and its data", + "properties": { + "bodySchema": { + "$ref": "#/components/schemas/waas.BodySchema" + }, + "bodySchemaDiffExceededLimit": { + "description": "BodySchemaDiffExceededLimit is the date that the request body schema exceeded the size limit for finding body schema changes.\n", + "format": "date-time", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the request content type.\n", + "type": "string" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the HTTP method of the API request.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks are the OWASP API Top10 attacks that were found on the API.\n", + "items": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "type": "array" + }, + "path": { + "description": "Path is the path of the API request.\n", + "type": "string" + }, + "protected": { + "description": "Protected indicates that the method+path are protected by WAAS API Protection.\n", + "type": "boolean" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "queryParameters": { + "description": "QueryParameters are the query parameters of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "requestSizeTotal": { + "description": "RequestSizeTotal is the total request body size.\n", + "type": "integer" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseContentType": { + "description": "ResponseContentType is the response content type.\n", + "type": "string" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "responseSizeTotal": { + "description": "ResponseSizeTotal is the total response body size.\n", + "type": "integer" + }, + "sensitiveData": { + "description": "RequestSensitiveData indicated this path may be used with sensitive data attached in request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "servers": { + "description": "Servers are the destination servers (including port and schema) of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sourceIP": { + "description": "SourceIP is the source IP of the API request.\n", + "type": "string" + }, + "statusCodeDistribution": { + "$ref": "#/components/schemas/waas.StatusCodeDistribution" + } + }, + "type": "object" + }, + "waas.APISpec": { + "description": "APISpec is an API specification", + "properties": { + "description": { + "description": "Description of the app.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "endpoints": { + "description": "The app's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Endpoint" + }, + "type": "array" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "paths": { + "description": "Paths of the API's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Path" + }, + "type": "array" + }, + "queryParamFallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.APIStats": { + "description": "APIStats contains the API stats that occurred since the last stats dump", + "properties": { + "actionCounts": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "blockedRequests": { + "description": "BlockedRequests is the number of blocked requests since last dump.\n", + "type": "integer" + }, + "forwardedRequests": { + "description": "ForwardedRequests is the number of forwarded requests since last dump.\n", + "type": "integer" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBodyBytes": { + "description": "InspectedBodyBytes are the total request and response inspected body bytes.\n", + "type": "integer" + }, + "inspectionLimitExceeded": { + "description": "InspectionLimitExceeded is the total number of requests in which the body size exceeds inspection limit.\n", + "type": "integer" + }, + "interstitialPages": { + "description": "InterstitialPages is the number of interstitial pages served.\n", + "type": "integer" + }, + "lastErrs": { + "description": "LastErrs is the last errors that occurred, storing up to 20 errors.\n", + "items": { + "$ref": "#/components/schemas/waas.ReqErrorCtx" + }, + "type": "array" + }, + "maxRequestInspectionDuration": { + "description": "MaxRequestInspectionDuration is the maximum request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "maxResponseSizeBytes": { + "description": "MaxResponseSizeBytes contains the max response size.\n", + "type": "integer" + }, + "parsingErrs": { + "description": "ParsingErrs is a counter of the parsing errors that occurred.\n", + "type": "integer" + }, + "reCAPTCHAs": { + "description": "ReCAPTCHAs is the number of reCAPTCHA pages served.\n", + "type": "integer" + }, + "responseCodeStats": { + "$ref": "#/components/schemas/waas.ResponseCodeStats" + }, + "totalErrs": { + "description": "TotalErrs is a counter of the errors that occurred.\n", + "type": "integer" + }, + "totalForwardedRequestsDuration": { + "description": "TotalForwardedRequestsDuration is the total request duration for forwarded requests.\n", + "format": "int64", + "type": "integer" + }, + "totalRequestInspectionDuration": { + "description": "TotalRequestInspectionDuration is the total request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the number of incoming requests since last dump.\n", + "type": "integer" + }, + "totalResponseSizeBytes": { + "description": "TotalResponsesSizeBytes is the total APIs response size.\n", + "type": "integer" + }, + "totalTimeouts": { + "description": "TotalTimeouts is the number of timed out responses.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AccessControls": { + "description": "AccessControls contains the access controls config (e.g., denied/allowed sources)", + "properties": { + "alert": { + "description": "Alert are the denied sources for which we alert.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allow": { + "description": "Allow are the allowed sources for which we don't alert or prevent.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowMode": { + "description": "AllowMode indicates allowlist (true) or denylist (false) mode.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates if access controls protection is enabled.\n", + "type": "boolean" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "prevent": { + "description": "Prevent are the denied sources.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ActionStats": { + "description": "ActionStats contains the WAAS action stats", + "properties": { + "alert": { + "description": "Alerts is the number of Alert actions.\n", + "type": "integer" + }, + "ban": { + "description": "Bans is the number of Ban actions.\n", + "type": "integer" + }, + "prevent": { + "description": "Prevents is the number of Prevent actions.\n", + "type": "integer" + }, + "reCAPTCHA": { + "description": "ReCAPTCHAs is the number of reCAPTCHA actions.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AgentlessPolicyState": { + "description": "AgentlessPolicyState is the state of the agentless policy", + "properties": { + "deletedRules": { + "description": "DeletedRules are rules that were deleted but their VPC deployments have not been terminated.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + }, + "states": { + "description": "States are the VPC configuration states.\n", + "items": { + "$ref": "#/components/schemas/waas.VPCConfigState" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.AppProtectionStats": { + "description": "AppProtectionStats contains the app protection status statistics", + "properties": { + "protected": { + "description": "Protected indicates the amount of protected WAAS app entities (containers/hosts).\n", + "type": "integer" + }, + "unprotected": { + "description": "Unprotected indicates the amount of unprotected WAAS app entities (containers/hosts).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AppStats": { + "description": "AppStats contains the WAAS app policy statistics", + "properties": { + "accessControl": { + "description": "AccessControl is the total amount of apps with Access Control policy.\n", + "type": "integer" + }, + "bot": { + "description": "Bot is the total amount of apps with Bot Protection policy.\n", + "type": "integer" + }, + "customRulesEnabled": { + "description": "CustomRulesEnabled is the total amount of apps with Custom Rules enabled.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the total amount of apps with DoS Protection policy.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the total amount of apps with WAF policy.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ApplicationSpec": { + "description": "ApplicationSpec is an application of a firewall instance", + "properties": { + "apiSpec": { + "$ref": "#/components/schemas/waas.APISpec" + }, + "appID": { + "description": "Unique ID for the app.\n", + "type": "string" + }, + "attackTools": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "autoApplyPatchesSpec": { + "$ref": "#/components/schemas/waas.AutoApplyPatchesSpec" + }, + "banDurationMinutes": { + "description": "Ban duration, in minutes.\n", + "type": "integer" + }, + "body": { + "$ref": "#/components/schemas/waas.BodyConfig" + }, + "botProtectionSpec": { + "$ref": "#/components/schemas/waas.BotProtectionSpec" + }, + "certificate": { + "$ref": "#/components/schemas/common.Secret" + }, + "clickjackingEnabled": { + "description": "Indicates whether clickjacking protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cmdi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "codeInjection": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "csrfEnabled": { + "description": "Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "customBlockResponse": { + "$ref": "#/components/schemas/waas.CustomBlockResponseConfig" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disableEventIDHeader": { + "description": "Indicates if event ID header should be attached to the response or not.\n", + "type": "boolean" + }, + "dosConfig": { + "$ref": "#/components/schemas/waas.DoSConfig" + }, + "headerSpecs": { + "description": "Configuration for inspecting HTTP headers.\n", + "items": { + "$ref": "#/components/schemas/waas.HeaderSpec" + }, + "type": "array" + }, + "intelGathering": { + "$ref": "#/components/schemas/waas.IntelGatheringConfig" + }, + "lfi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "malformedReq": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "maliciousUpload": { + "$ref": "#/components/schemas/waas.MaliciousUploadConfig" + }, + "networkControls": { + "$ref": "#/components/schemas/waas.NetworkControls" + }, + "remoteHostForwarding": { + "$ref": "#/components/schemas/waas.RemoteHostForwardingConfig" + }, + "responseHeaderSpecs": { + "description": "Configuration for modifying HTTP response headers.\n", + "items": { + "$ref": "#/components/schemas/waas.ResponseHeaderSpec" + }, + "type": "array" + }, + "sessionCookieBan": { + "description": "Indicates if bans in this app are made by session cookie ID (true) or false (not).\n", + "type": "boolean" + }, + "sessionCookieEnabled": { + "description": "Indicates if session cookies are enabled (true) or not (false).\n", + "type": "boolean" + }, + "sessionCookieSameSite": { + "$ref": "#/components/schemas/waas.SameSite" + }, + "sessionCookieSecure": { + "description": "Indicates the Secure attribute of the session cookie.\n", + "type": "boolean" + }, + "shellshock": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "sqli": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "tlsConfig": { + "$ref": "#/components/schemas/waas.TLSConfig" + }, + "xss": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + } + }, + "type": "object" + }, + "waas.AttackType": { + "description": "AttackType is the type of the attack", + "enum": [ + [ + "xss", + "sqli", + "cmdi", + "lfi", + "codeInjection", + "deniedIP", + "deniedCountry", + "header", + "violationsExceeded", + "attackTools", + "shellshock", + "disallowedFile", + "malformedRequest", + "inspectionLimitExceeded", + "informationLeak", + "unexpectedAPI", + "dos", + "searchEngineCrawler", + "businessAnalyticsBot", + "educationalBot", + "newsBot", + "financialBot", + "contentFeedClient", + "archivingBot", + "careerSearchBot", + "mediaSearchBot", + "genericBot", + "webAutomationTool", + "webScraper", + "apiLibrary", + "httpLibrary", + "sessionValidation", + "javascriptTimeout", + "missingCookie", + "browserImpersonation", + "botImpersonation", + "requestAnomalies", + "userDefinedBot", + "recaptchaRequired", + "recaptchaVerificationFailed", + "customRule", + "publicSensitiveDataWithoutAuthentication", + "publicSensitiveDataWithoutEncryption" + ] + ], + "type": "string" + }, + "waas.AttackTypeStats": { + "description": "AttackTypeStats are the WAAS attack type stats", + "properties": { + "accessControl": { + "description": "AccessControl is the count of access control attacks.\n", + "type": "integer" + }, + "apiProtection": { + "description": "APIProtection is the count of API Protection attacks.\n", + "type": "integer" + }, + "attackTools": { + "description": "AttackTools is the count of attack tool attacks.\n", + "type": "integer" + }, + "bots": { + "description": "Bots is the count of Bot attacks.\n", + "type": "integer" + }, + "cmdInjection": { + "description": "CMDInjection is the count of command injection attacks.\n", + "type": "integer" + }, + "codeInjection": { + "description": "CodeInjection is the count of code injection attacks.\n", + "type": "integer" + }, + "customRules": { + "description": "CustomRules is the count of attacks detected by custom rules.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the count of DoS attacks.\n", + "type": "integer" + }, + "lfi": { + "description": "LFI is the count of local file injection attacks.\n", + "type": "integer" + }, + "sqlInjection": { + "description": "SQLInjection is the count of SQL injection attacks.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the count of WAF protection attacks.\n", + "type": "integer" + }, + "xss": { + "description": "XSS is the count of XSS attacks.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AutoApplyPatchesSpec": { + "description": "AutoApplyPatchesSpec is the configuration for automation apply patches protection", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.BodyConfig": { + "description": "BodyConfig represents app configuration related to HTTP Body", + "properties": { + "inspectionLimitExceededEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "inspectionSizeBytes": { + "description": "InspectionSizeBytes represents the max amount of data to inspect in request body.\n", + "type": "integer" + }, + "skip": { + "description": "Skip indicates that body inspection should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.BodySchema": { + "description": "BodySchema is the request's body schema", + "properties": { + "contentType": { + "description": "ContentType is the content type the schema represents.\n", + "type": "string" + }, + "head": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + } + }, + "type": "object" + }, + "waas.BodySchemaChildren": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + }, + "description": "BodySchemaChildren represents a set of body schema children, uniquely identified by the body field's name", + "type": "object" + }, + "waas.BodySchemaNode": { + "description": "BodySchemaNode represents a single body schema node", + "properties": { + "children": { + "$ref": "#/components/schemas/waas.BodySchemaChildren" + }, + "name": { + "description": "Name is the body schema item name (key for json, tag name for xml).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.BotProtectionSpec": { + "description": "BotProtectionSpec is the bot protections spec", + "properties": { + "interstitialPage": { + "description": "Indicates if an interstitial page is served (true) or not (false).\n", + "type": "boolean" + }, + "jsInjectionSpec": { + "$ref": "#/components/schemas/waas.JSInjectionSpec" + }, + "knownBotProtectionsSpec": { + "$ref": "#/components/schemas/waas.KnownBotProtectionsSpec" + }, + "reCAPTCHASpec": { + "$ref": "#/components/schemas/waas.ReCAPTCHASpec" + }, + "sessionValidation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "unknownBotProtectionSpec": { + "$ref": "#/components/schemas/waas.UnknownBotProtectionSpec" + }, + "userDefinedBots": { + "description": "Effects to perform when user-defined bots are detected.\n", + "items": { + "$ref": "#/components/schemas/waas.UserDefinedBot" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.CertificateMeta": { + "description": "CertificateMeta is the certificate metadata", + "properties": { + "issuerName": { + "description": "IssuerName is the certificate issuer common name.\n", + "type": "string" + }, + "notAfter": { + "description": "NotAfter is the time the certificate is not valid (expiry time).\n", + "format": "date-time", + "type": "string" + }, + "subjectName": { + "description": "SubjectName is the certificate subject common name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ClientType": { + "description": "ClientType is an HTTP client type", + "enum": [ + [ + "browser", + "mobile", + "httpLib", + "apiLib" + ] + ], + "type": "string" + }, + "waas.CustomBlockResponseConfig": { + "description": "CustomBlockResponseConfig is a custom block message config for a policy", + "properties": { + "body": { + "description": "Custom HTML for the block response.\n", + "type": "string" + }, + "code": { + "description": "Custom HTTP response code for the block response.\n", + "type": "integer" + }, + "enabled": { + "description": "Indicates if the custom block response is enabled (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.CustomReCAPTCHAPageSpec": { + "description": "CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec", + "properties": { + "body": { + "description": "Custom HTML for the reCAPTCHA page.\n", + "type": "string" + }, + "enabled": { + "description": "Indicates if the custom reCAPTCHA page is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DailyStats": { + "description": "DailyStats represents the WAAS daily stats", + "properties": { + "_id": { + "description": "Date is date that the daily stats are relevant to.\n", + "type": "string" + }, + "actionStats": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBytes": { + "description": "InspectedBytes is total amount body bytes inspected by WAAS.\n", + "type": "integer" + }, + "policyChangeCount": { + "description": "PolicyChangeCount is the amount of policy changes for this day.\n", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the total request count.\n", + "type": "integer" + }, + "unprotectedAppsVulnStats": { + "$ref": "#/components/schemas/waas.UnprotectedAppsVulnStats" + } + }, + "type": "object" + }, + "waas.Dashboard": { + "description": "Dashboard contains the data of the WAAS Dashboard", + "properties": { + "appProtectionStats": { + "$ref": "#/components/schemas/waas.AppProtectionStats" + }, + "dailyStats": { + "description": "DailyStats are the WAAS daily stats.\n", + "items": { + "$ref": "#/components/schemas/waas.DailyStats" + }, + "type": "array" + }, + "insights": { + "description": "Insights are the current WAAS insights.\n", + "items": { + "$ref": "#/components/schemas/waas.Insight" + }, + "type": "array" + }, + "policyStats": { + "$ref": "#/components/schemas/waas.PolicyStats" + } + }, + "type": "object" + }, + "waas.DiscoveredAPI": { + "description": "DiscoveredAPI represents a single discovered API path+method information's", + "properties": { + "appID": { + "description": "AppID is the app ID.\n", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host seen for this API.\n", + "type": "string" + }, + "image": { + "description": "Image is the image names seen for this API.\n", + "type": "string" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the API method.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks indicates whether OWASP API Top-10 attacks were found on the API.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the API path.\n", + "type": "string" + }, + "protectionStatus": { + "$ref": "#/components/schemas/waas.APIProtectionStatus" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "type": "boolean" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "RiskScore is the sum of all risk factors (used for sorting and filter by risk factors).\n", + "type": "integer" + }, + "ruleID": { + "description": "RuleID is the rule ID.\n", + "type": "string" + }, + "sensitiveData": { + "description": "SensitiveData indicated this path may be used with sensitive data attached in request.\n", + "type": "boolean" + }, + "servers": { + "description": "Servers are the servers seen for this API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "waas.DoSConfig": { + "description": "DoSConfig is a dos policy specification", + "properties": { + "alert": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "ban": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "enabled": { + "description": "Enabled indicates if dos protection is enabled.\n", + "type": "boolean" + }, + "excludedNetworkLists": { + "description": "Network IPs to exclude from DoS tracking.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "matchConditions": { + "description": "Conditions on which to match to track a request. The conditions are \\\"OR\\\"'d together during the check.\n", + "items": { + "$ref": "#/components/schemas/waas.DoSMatchCondition" + }, + "type": "array" + }, + "trackSession": { + "description": "Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DoSMatchCondition": { + "description": "DoSMatchCondition is used for matching a request for tracking", + "properties": { + "fileTypes": { + "description": "File types for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "methods": { + "description": "HTTP methods for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseCodeRanges": { + "description": "Response codes for the request's response matching.\n", + "items": { + "$ref": "#/components/schemas/waas.StatusCodeRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.DoSRates": { + "description": "DoSRates specifies dos requests rates (thresholds)", + "properties": { + "average": { + "description": "Average request rate (requests / second).\n", + "type": "integer" + }, + "burst": { + "description": "Burst request rate (requests / second).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Effect": { + "description": "Effect is the effect that will be used in the rule", + "enum": [ + [ + "ban", + "prevent", + "alert", + "allow", + "disable", + "reCAPTCHA" + ] + ], + "type": "string" + }, + "waas.Endpoint": { + "description": "Endpoint is an application endpoint", + "properties": { + "basePath": { + "description": "Base path for the endpoint.\n", + "type": "string" + }, + "exposedPort": { + "description": "Exposed port that the proxy is listening on.\n", + "type": "integer" + }, + "grpc": { + "description": "Indicates if the proxy supports gRPC (true) or not (false).\n", + "type": "boolean" + }, + "host": { + "description": "URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).\n", + "type": "string" + }, + "http2": { + "description": "Indicates if the proxy supports HTTP/2 (true) or not (false).\n", + "type": "boolean" + }, + "internalPort": { + "description": "Internal port that the application is listening on.\n", + "type": "integer" + }, + "tls": { + "description": "Indicates if the connection is secured (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionField": { + "description": "ExceptionField is used to perform the protection exception fields", + "properties": { + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionLocation": { + "description": "ExceptionLocation indicates exception http field location", + "enum": [ + [ + "path", + "query", + "queryValues", + "cookie", + "UserAgentHeader", + "header", + "body", + "rawBody", + "XMLPath", + "JSONPath" + ] + ], + "type": "string" + }, + "waas.FeatureExceptions": { + "description": "FeatureExceptions represents subnets that should bypass WAAS features", + "properties": { + "subnets": { + "description": "Subnets are network lists for which requests bypass WAAS features.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.FileType": { + "description": "FileType is the type of an uploaded file", + "enum": [ + [ + "pdf", + "officeLegacy", + "officeOoxml", + "odf", + "jpeg", + "png", + "gif", + "bmp", + "ico", + "avi", + "mp4", + "aac", + "mp3", + "wav", + "zip", + "gzip", + "rar", + "7zip" + ] + ], + "type": "string" + }, + "waas.FirewallType": { + "description": "FirewallType represents the firewall type", + "enum": [ + [ + "host-proxy", + "host-out-of-band", + "container-proxy", + "container-out-of-band", + "app-embedded", + "agentless", + "REST" + ] + ], + "type": "string" + }, + "waas.GeoData": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.TrafficStats" + }, + "description": "GeoData are the per-country traffic stats", + "type": "object" + }, + "waas.HSTSConfig": { + "description": "HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header\nsee: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "properties": { + "enabled": { + "description": "Enabled indicates if HSTS enforcement is enabled.\n", + "type": "boolean" + }, + "includeSubdomains": { + "description": "IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.\n", + "type": "boolean" + }, + "maxAgeSeconds": { + "description": "maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.\n", + "type": "integer" + }, + "preload": { + "description": "Preload indicates if it should support preload.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.HTTPField": { + "description": "HTTPField is used to perform checks on flags and fields", + "properties": { + "key": { + "description": "Key is the key of the field, if exists (e.g. header and cookie).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.HTTPFieldType" + }, + "value": { + "description": "Value is the value of the field, if exists.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.HTTPFieldType": { + "description": "HTTPFieldType indicates type of http field", + "enum": [ + [ + "method", + "xmlBody", + "jsonBody", + "formBody", + "multipartBody", + "rawBody", + "rawBodyResponse", + "protobufBody", + "query", + "queryParamName", + "cookie", + "header", + "url" + ] + ], + "type": "string" + }, + "waas.HeaderSpec": { + "description": "HeaderSpec is specification for a single header and its allowed or blocked values", + "properties": { + "allow": { + "description": "Indicates if the flow is to be allowed (true) or blocked (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "name": { + "description": "Header name.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the header must be present (true) or not (false).\n", + "type": "boolean" + }, + "values": { + "description": "Wildcard expressions that represent the header value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Insight": { + "description": "Insight represents an insight on the dashboard", + "properties": { + "message": { + "description": "Message is the display message of the insight.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.InsightType" + } + }, + "type": "object" + }, + "waas.InsightType": { + "description": "InsightType is the insight type", + "enum": [ + [ + "vulnerableUnprotectedApps", + "expiredCertificate", + "upcomingCertificateExpiry", + "noAPIProtection" + ] + ], + "type": "string" + }, + "waas.IntelGatheringConfig": { + "description": "IntelGatheringConfig is the configuration for intelligence gathering protections", + "properties": { + "infoLeakageEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "removeFingerprintsEnabled": { + "description": "Indicates if server fingerprints should be removed (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.JSInjectionSpec": { + "description": "JSInjectionSpec is the js injection protection spec", + "properties": { + "enabled": { + "description": "Indicates if JavaScript injection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "timeoutEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.KnownBotProtectionsSpec": { + "description": "KnownBotProtectionsSpec is the known bot protections spec", + "properties": { + "archiving": { + "$ref": "#/components/schemas/waas.Effect" + }, + "businessAnalytics": { + "$ref": "#/components/schemas/waas.Effect" + }, + "careerSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "contentFeedClients": { + "$ref": "#/components/schemas/waas.Effect" + }, + "educational": { + "$ref": "#/components/schemas/waas.Effect" + }, + "financial": { + "$ref": "#/components/schemas/waas.Effect" + }, + "mediaSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "news": { + "$ref": "#/components/schemas/waas.Effect" + }, + "searchEngineCrawlers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.MaliciousUploadConfig": { + "description": "MaliciousUploadConfig is the configuration for file upload protection", + "properties": { + "allowedExtensions": { + "description": "Allowed file extensions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowedFileTypes": { + "description": "Allowed file types.\n", + "items": { + "$ref": "#/components/schemas/waas.FileType" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.Method": { + "description": "Method is a method information", + "properties": { + "method": { + "description": "Type of HTTP request (e.g., PUT, GET, etc.).\n", + "type": "string" + }, + "parameters": { + "description": "Parameters that are part of the HTTP request.\n", + "items": { + "$ref": "#/components/schemas/waas.Param" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.MinTLSVersion": { + "description": "MinTLSVersion is the list of acceptable TLS versions", + "enum": [ + [ + "1.0", + "1.1", + "1.2", + "1.3" + ] + ], + "type": "string" + }, + "waas.MonitoringStats": { + "description": "MonitoringStats are the waas per-profile monitoring stats", + "properties": { + "aggregationStart": { + "description": "AggregationStart indicates when stats aggregation started.\n", + "format": "date-time", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "lastUpdate": { + "description": "LastUpdate indicates when the stats were last updated.\n", + "format": "date-time", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID.\n", + "type": "string" + }, + "stats": { + "$ref": "#/components/schemas/waas.APIStats" + } + }, + "type": "object" + }, + "waas.NetworkControls": { + "description": "NetworkControls contains the network controls config (e.g., access controls for IPs and countries)", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "countries": { + "$ref": "#/components/schemas/waas.AccessControls" + }, + "exceptionSubnets": { + "description": "Network lists for which requests completely bypass WAAS checks and protections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "networkControlsExceptionSubnets": { + "$ref": "#/components/schemas/waas.FeatureExceptions" + }, + "subnets": { + "$ref": "#/components/schemas/waas.AccessControls" + } + }, + "type": "object" + }, + "waas.NetworkList": { + "description": "NetworkList represent network list of IP/CIDR in waas", + "properties": { + "_id": { + "description": "Unique ID.\n", + "type": "string" + }, + "description": { + "description": "Description of the network list.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "subnets": { + "description": "List of the IPv4 addresses and IP CIDR blocks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.OWASPAPITop10": { + "description": "OWASPAPITop10 represents OWASP API top 10 attacks", + "enum": [ + [ + "excessiveDataExposure", + "lackOfResources&RateLimiting", + "brokenFunctionLevelAuthorization", + "securityMisconfiguration", + "injection" + ] + ], + "type": "string" + }, + "waas.OWASPTop10": { + "description": "OWASPTop10 represents OWASP top 10 attacks", + "enum": [ + [ + "brokenAccessControl", + "cryptographicFailures", + "injection", + "insecureDesign" + ] + ], + "type": "string" + }, + "waas.OpenAPIScan": { + "description": "OpenAPIScan represents the OpenAPI file scan", + "properties": { + "_id": { + "description": "ID is the scan identifier.\n", + "type": "string" + }, + "issueResults": { + "description": "IssueResults are the scanned issues results.\n", + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueResult" + }, + "type": "array" + }, + "scanInfo": { + "$ref": "#/components/schemas/waas.OpenAPIScanInfo" + }, + "scanStartTime": { + "description": "ScanStartTime is the scan started.\n", + "format": "date-time", + "type": "string" + }, + "severityDistribution": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssuesSeverityDistribution" + }, + "specInfo": { + "$ref": "#/components/schemas/waas.OpenAPISpecInfo" + } + }, + "type": "object" + }, + "waas.OpenAPIScanInfo": { + "description": "OpenAPIScanInfo is the OpenAPI scan info", + "properties": { + "appID": { + "description": "AppID is the WAAS app id the file was imported from.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "ruleID": { + "description": "RuleID is the WAAS rule id the file was imported from.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/waas.OpenAPIScanSource" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueMetadata": { + "description": "OpenAPIScanIssueMetadata represents the static metadata of an API definition issue\nFields reflect the KICS metadata,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json", + "properties": { + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueResult": { + "description": "OpenAPIScanIssueResult represents a specific issue result in the OpenAPI spec file\nFields reflect the KICS rego queries result,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/query.rego", + "properties": { + "_id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "searchKey": { + "description": "SearchKey is the issue location in the spec file.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueSeverity": { + "description": "OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity", + "enum": [ + [ + "INFO", + "LOW", + "MEDIUM", + "HIGH" + ] + ], + "type": "string" + }, + "waas.OpenAPIScanIssueStatus": { + "description": "OpenAPIScanIssueStatus represents an OpenAPI file issue status", + "properties": { + "id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssuesSeverityDistribution": { + "description": "OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type", + "properties": { + "high": { + "description": "High is the high severity issues count.\n", + "type": "integer" + }, + "info": { + "description": "Info is the info severity issues count.\n", + "type": "integer" + }, + "low": { + "description": "Low is the low severity issues count.\n", + "type": "integer" + }, + "medium": { + "description": "Medium is the medium severity issues count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.OpenAPIScanSource": { + "description": "OpenAPIScanSource is the scan trigger source", + "enum": [ + [ + "app", + "cli", + "manual" + ] + ], + "type": "string" + }, + "waas.OpenAPISpecInfo": { + "description": "OpenAPISpecInfo is the OpenAPI spec info", + "properties": { + "content": { + "description": "Content is the OpenAPI spec content.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the OpenAPI spec file content type.\n", + "type": "string" + }, + "fileName": { + "description": "FileName is the OpenAPI spec file name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OutOfBandMode": { + "description": "OutOfBandMode holds the app firewall out-of-band mode", + "enum": [ + [ + "", + "Observation", + "Protection" + ] + ], + "type": "string" + }, + "waas.OutOfBandRuleScope": { + "description": "OutOfBandRuleScope represents the Out-of-Band Rule Scope", + "enum": [ + [ + "container", + "host", + "" + ] + ], + "type": "string" + }, + "waas.Param": { + "description": "Param contains a parameter information", + "properties": { + "allowEmptyValue": { + "description": "Indicates if an empty value is allowed (true) or not (false).\n", + "type": "boolean" + }, + "array": { + "description": "Indicates if multiple values of the specified type are allowed (true) or not (false).\n", + "type": "boolean" + }, + "explode": { + "description": "Indicates if arrays should generate separate parameters for each array item or object property.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ParamLocation" + }, + "max": { + "description": "Maximum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "min": { + "description": "Minimum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "name": { + "description": "Name of the parameter.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the parameter is required (true) or not (false).\n", + "type": "boolean" + }, + "style": { + "$ref": "#/components/schemas/waas.ParamStyle" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.ParamLocation": { + "description": "ParamLocation is the location of a parameter", + "enum": [ + [ + "path", + "query", + "cookie", + "header", + "body", + "json", + "xml", + "formData", + "multipart" + ] + ], + "type": "string" + }, + "waas.ParamStyle": { + "description": "ParamStyle is a param format style, defined by OpenAPI specification\nIt describes how the parameter value will be serialized depending on the type of the parameter value.\nRef: https://swagger.io/docs/specification/serialization/\nhttps://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples", + "enum": [ + [ + "simple", + "spaceDelimited", + "tabDelimited", + "pipeDelimited", + "form", + "matrix", + "label" + ] + ], + "type": "string" + }, + "waas.ParamType": { + "description": "ParamType is the type of a parameter, defined by OpenAPI specification\nRef: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types", + "enum": [ + [ + "integer", + "number", + "string", + "boolean", + "array", + "object" + ] + ], + "type": "string" + }, + "waas.Path": { + "description": "Path is an API path information", + "properties": { + "methods": { + "description": "Supported operations for the path (e.g., PUT, GET, etc.).\n", + "items": { + "$ref": "#/components/schemas/waas.Method" + }, + "type": "array" + }, + "path": { + "description": "Relative path to an endpoint such as \\\"/pet/{petId}\\\".\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.Policy": { + "description": "Policy represents the policy", + "properties": { + "_id": { + "description": "Unique internal ID.\n", + "type": "string" + }, + "maxPort": { + "description": "Maximum port number to use in the application firewall.\n", + "type": "integer" + }, + "minPort": { + "description": "Minimum port number to use in the application firewall.\n", + "type": "integer" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.PolicyStats": { + "description": "PolicyStats contains the WAAS policy statistics", + "properties": { + "appStats": { + "$ref": "#/components/schemas/waas.AppStats" + }, + "apps": { + "description": "Apps is the total amount of apps in the WAAS policies.\n", + "type": "integer" + }, + "rules": { + "description": "Rules is the total amount of rules in the WAAS policies.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Protection": { + "description": "Protection is the type of protection", + "enum": [ + [ + "firewall", + "dos", + "bot", + "custom", + "accessControl" + ] + ], + "type": "string" + }, + "waas.ProtectionConfig": { + "description": "ProtectionConfig represents a WAAS protection config", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "exceptionFields": { + "description": "Exceptions.\n", + "items": { + "$ref": "#/components/schemas/waas.ExceptionField" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ProtectionStatus": { + "description": "ProtectionStatus describes the status of the WAAS protection", + "properties": { + "enabled": { + "description": "Enabled indicates if WAAS proxy protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "outOfBandMode": { + "$ref": "#/components/schemas/waas.OutOfBandMode" + }, + "ports": { + "description": "Ports indicates http open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "supported": { + "description": "Supported indicates if WAAS protection is supported (true) or not (false).\n", + "type": "boolean" + }, + "tlsPorts": { + "description": "TLSPorts indicates https open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ReCAPTCHASpec": { + "description": "ReCAPTCHASpec is the reCAPTCHA spec", + "properties": { + "allSessions": { + "description": "Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).\n", + "type": "boolean" + }, + "customPageSpec": { + "$ref": "#/components/schemas/waas.CustomReCAPTCHAPageSpec" + }, + "enabled": { + "description": "Indicates if reCAPTCHA integration is enabled (true) or not (false).\n", + "type": "boolean" + }, + "secretKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "siteKey": { + "description": "ReCAPTCHA site key to use when invoking the reCAPTCHA service.\n", + "type": "string" + }, + "successExpirationHours": { + "description": "Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.ReCAPTCHAType" + } + }, + "type": "object" + }, + "waas.ReCAPTCHAType": { + "description": "ReCAPTCHAType is the reCAPTCHA configured type", + "enum": [ + [ + "checkbox", + "invisible" + ] + ], + "type": "string" + }, + "waas.RemoteHostForwardingConfig": { + "description": "RemoteHostForwardingConfig defines a remote host to forward requests to", + "properties": { + "enabled": { + "description": "Indicates if remote host forwarding is enabled (true) or not (false).\n", + "type": "boolean" + }, + "target": { + "description": "Remote host to forward requests to.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ReqErrorCtx": { + "description": "ReqErrorCtx is the request error context", + "properties": { + "defender": { + "description": "Defender is the defender name from which the error originated.\n", + "type": "string" + }, + "err": { + "description": "Err is the API error.\n", + "type": "string" + }, + "requestInspectionDuration": { + "description": "RequestInspectionDuration is the request inspection handling time by the WAAS plugins (time spent in WAAS before forwarding the request and handling the response).\n", + "format": "int64", + "type": "integer" + }, + "requestStart": { + "description": "RequestStart is the request start time.\n", + "format": "date-time", + "type": "string" + }, + "route": { + "description": "Route is the API route.\n", + "type": "string" + }, + "serveDuration": { + "description": "ServeDuration is the total request handling time including forwarding and response until the error.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "waas.RequestAnomalies": { + "description": "RequestAnomalies is the request anomalies spec", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "threshold": { + "$ref": "#/components/schemas/waas.RequestAnomalyThreshold" + } + }, + "type": "object" + }, + "waas.RequestAnomalyThreshold": { + "description": "RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered", + "enum": [ + [ + "3", + "6", + "9" + ] + ], + "type": "integer" + }, + "waas.ResponseCodeStats": { + "description": "ResponseCodeStats holds counts of different response types\nCategories taken from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status", + "properties": { + "clientErrors": { + "description": "ClientErrors are the codes in the 400-499 range.\n", + "type": "integer" + }, + "informational": { + "description": "Informational are the codes in the 100-199 range.\n", + "type": "integer" + }, + "redirects": { + "description": "Redirects are the codes in the 300-399 range.\n", + "type": "integer" + }, + "serverErrors": { + "description": "ServerErrors are the codes in the 500-599 range.\n", + "type": "integer" + }, + "successful": { + "description": "Successful are the codes in the 200-299 range.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ResponseHeaderSpec": { + "description": "ResponseHeaderSpec is specification for a single response header to modify", + "properties": { + "name": { + "description": "Header name (will be canonicalized when possible).\n", + "type": "string" + }, + "override": { + "description": "Indicates whether to override existing values (true) or add to them (false).\n", + "type": "boolean" + }, + "values": { + "description": "New header values.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Rule": { + "description": "Rule represents a single rule that is associated with an app firewall", + "properties": { + "allowMalformedHttpHeaderNames": { + "description": "AllowMalformedHTTPHeaderNames indicates if validation of http request header names should allow non-compliant characters.\n", + "type": "boolean" + }, + "applicationsSpec": { + "description": "List of API specifications in the rule.\n", + "items": { + "$ref": "#/components/schemas/waas.ApplicationSpec" + }, + "type": "array" + }, + "autoProtectPorts": { + "description": "AutoProtectPorts indicates if http ports should be automatically detected and protected.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "outOfBandScope": { + "$ref": "#/components/schemas/waas.OutOfBandRuleScope" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readTimeoutSeconds": { + "description": "ReadTimeout is the timeout of request reads in seconds, when no value is specified (0) the timeout is 5 seconds.\n", + "type": "integer" + }, + "skipAPILearning": { + "description": "SkipAPILearning indicates if API discovery is to be skipped (true) or not (false).\n", + "type": "boolean" + }, + "trafficMirroring": { + "$ref": "#/components/schemas/waas.TrafficMirroringConfig" + }, + "windows": { + "description": "Indicates whether the operating system of the app is windows, default is Linux.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SameSite": { + "description": "SameSite allows a server to define a cookie attribute making it impossible for\nthe browser to send this cookie along with cross-site requests. The main\ngoal is to mitigate the risk of cross-origin information leakage, and provide\nsome protection against cross-site request forgery attacks.\n\nSee https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details", + "enum": [ + [ + "Lax", + "Strict", + "None" + ] + ], + "type": "string" + }, + "waas.SensitiveDataSpec": { + "description": "SensitiveDataSpec defined a single sensitive data specification", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "sensitiveData": { + "description": "SensitiveData indicates this spec is used for marking APIs as using sensitive data for API discovery.\n", + "type": "boolean" + }, + "skipLogScrubbing": { + "description": "SkipLogScrubbing indicates this spec is not used for log scrubbing.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SensitiveDataSpecs": { + "description": "SensitiveDataSpecs is the sensitive data specifications", + "items": { + "$ref": "#/components/schemas/waas.SensitiveDataSpec" + }, + "type": "array" + }, + "waas.SizeRangeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeRange": { + "description": "StatusCodeRange represents a status code range", + "properties": { + "end": { + "description": "End of the range. Can be omitted if using a single status code.\n", + "type": "integer" + }, + "start": { + "description": "Start of the range. Can also be used for a single, non-range value.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.TLSConfig": { + "description": "TLSConfig holds the user TLS configuration and the certificate data", + "properties": { + "HSTSConfig": { + "$ref": "#/components/schemas/waas.HSTSConfig" + }, + "metadata": { + "$ref": "#/components/schemas/waas.CertificateMeta" + }, + "minTLSVersion": { + "$ref": "#/components/schemas/waas.MinTLSVersion" + } + }, + "type": "object" + }, + "waas.TrafficMirroringConfig": { + "description": "TrafficMirroringConfig is the traffic mirroring configuration", + "properties": { + "enabled": { + "description": "TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC\nEnabled indicates if traffic mirroring is enabled.\n", + "type": "boolean" + }, + "sampling": { + "description": "Sampling indicates if this is a sampling VPC.\n", + "type": "boolean" + }, + "vpcConfig": { + "$ref": "#/components/schemas/waas.VPCConfig" + } + }, + "type": "object" + }, + "waas.TrafficStats": { + "description": "TrafficStats are traffic stats", + "properties": { + "attacks": { + "description": ".\n", + "type": "integer" + }, + "requests": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnknownBotProtectionSpec": { + "description": "UnknownBotProtectionSpec is the unknown bot protection spec", + "properties": { + "apiLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "botImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "browserImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "generic": { + "$ref": "#/components/schemas/waas.Effect" + }, + "httpLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "requestAnomalies": { + "$ref": "#/components/schemas/waas.RequestAnomalies" + }, + "webAutomationTools": { + "$ref": "#/components/schemas/waas.Effect" + }, + "webScrapers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.UnprotectedAppsVulnStats": { + "description": "UnprotectedAppsVulnStats contains vulnerability statistics of unprotected web apps", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "none": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnprotectedContainersWebApps": { + "description": "UnprotectedContainersWebApps contains the result of scanning unprotected containers summary", + "properties": { + "_id": { + "description": "Image is the image name.\n", + "type": "string" + }, + "count": { + "description": "Count is the sum of containers using this image.\n", + "type": "integer" + }, + "ports": { + "description": "Ports is the open http ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "tlsPorts": { + "description": "TLSPorts is the open https ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedHostsWebApps": { + "description": "UnprotectedHostsWebApps contains the result of scanning unprotected hosts summary", + "properties": { + "hostname": { + "description": "Hostname is the host name.\n", + "type": "string" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses is processes that uses HTTP/HTTPs but are unprotected by WAAS.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedProcess": { + "description": "UnprotectedProcess holds unprotected processes alongside the port", + "properties": { + "port": { + "description": "Port is the process port.\n", + "type": "integer" + }, + "process": { + "description": "Process is the process name.\n", + "type": "string" + }, + "tls": { + "description": "TLS is the port TLS indication.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.UserDefinedBot": { + "description": "UserDefinedBot indicates a user-defined bot and its effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "headerName": { + "description": "Header name which defines the bot.\n", + "type": "string" + }, + "headerValues": { + "description": "Header values corresponding to the header name. Can contain wildcards.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name of the bot.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets where the bot originates. Specify using network lists.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.VPCConfig": { + "description": "VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)", + "properties": { + "autoScalingEnabled": { + "description": "AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.\n", + "type": "boolean" + }, + "autoScalingMaxInstances": { + "description": "AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.\n", + "type": "integer" + }, + "configID": { + "description": "ConfigID is a unique ID for the configuration.\n", + "type": "string" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "instanceNames": { + "description": "InstanceNames are the names of the instances to mirror (can be wildcard).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the defender instance.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the ports to mirror.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "region": { + "description": "Region is the AWS region the mirrored VMs are located in.\n", + "type": "string" + }, + "subnetID": { + "description": "SubnetID is the ID of the subnet the defender will be deployed in.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags to filter for instances to mirror in Key:Value format or \"*\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vpcID": { + "description": "VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigMirroredVM": { + "description": "VPCConfigMirroredVM is a VM mirrored by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the VM ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the VM name.\n", + "type": "string" + }, + "networkInterfaceID": { + "description": "NetworkInterfaceID is the network interface ID for the VM.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigResource": { + "description": "VPCConfigResource is a resource created by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "type": { + "description": "Type is the resource type.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigState": { + "description": "VPCConfigState is the state of a VPC configuration\nThis includes only the state needed by the frontend\nbson bindings do not omit empty as the structure is updated using upsert and fields may need to be set to empty value", + "properties": { + "configID": { + "description": "ConfigID is the ID of the VPC configuration.\n", + "type": "string" + }, + "error": { + "description": "Error is the error received during deployment (on failure).\n", + "type": "string" + }, + "lastUpdate": { + "description": "LastUpdate is the time when the deployment was last updated.\n", + "format": "date-time", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/waas.VPCConfigStatus" + } + }, + "type": "object" + }, + "waas.VPCConfigStatus": { + "description": "VPCConfigStatus is the status of a VPC configuration deployment", + "enum": [ + [ + "inProcess", + "error", + "ready", + "deletionInProgress", + "deleteError", + "deleted" + ] + ], + "type": "string" + }, + "waas.WebAppsDiscoverySettings": { + "description": "WebAppsDiscoverySettings is the web apps discovery settings", + "properties": { + "disabled": { + "description": "Disabled indicates whether web apps discovery is disabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "wildfire.Usage": { + "description": "Usage holds wildfire usage stats, period for the usage varies with context", + "properties": { + "bytes": { + "description": "Bytes is the total number of bytes uploaded to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "queries": { + "description": "Queries is the number of queries to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "uploads": { + "description": "Uploads is the number of uploads to the WildFire API.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "info": { + "title": "Prisma Cloud Compute API", + "version": "32.06.113", + "description": { + "$ref": "desc/intro.md" + } + }, + "openapi": "3.0.3", + "paths": { + "/api/v1/certs/ca.pem": { + "get": { + "description": { + "$ref": "desc/certs/capem_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "operationId": "get-certs-ca.pem", + "summary": "Get CA PEM Certificate File" + } + }, + "/api/v1/certs/server-certs.sh": { + "get": { + "description": { + "$ref": "desc/certs/server-certs_get.md" + }, + "parameters": [ + { + "description": "OS is the target os.\n", + "in": "query", + "name": "os", + "schema": { + "type": "string" + } + }, + { + "description": "IPs is the list of addresses for which the certificates are generated.\n", + "in": "query", + "name": "ip", + "schema": { + "type": "string" + } + }, + { + "description": "Hostname is the target defender hostname.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "operationId": "get-certs-server-certs.sh", + "summary": "Get Server Certificates" + } + }, + "/api/v1/registry/webhook/webhook": { + "delete": { + "description": { + "$ref": "desc/registry/webhook_webhook_delete.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "operationId": "delete-registry-webhook-webhook", + "summary": "Delete a Registry Webhook" + }, + "post": { + "description": { + "$ref": "desc/registry/webhook_webhook_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.RegistryWebhookRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "operationId": "post-registry-webhook-webhook", + "summary": "Registry Webhook" + } + }, + "/api/v1/signup": { + "post": { + "description": { + "$ref": "desc/signup/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Signup" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": false, + "self-hosted": true + }, + "operationId": "post-signup", + "summary": "Create Admin Account" + } + }, + "/api/v1/util/prisma-cloud-jenkins-plugin.hpi": { + "get": { + "description": { + "$ref": "desc/util/twistlock_jenkins_plugin_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "operationId": "get-util-prisma-cloud-jenkins-plugin.hpi", + "summary": "Download Jenkins Plugin for Prisma Cloud Compute" + } + }, + "/api/v1/util/tas-tile": { + "get": { + "description": { + "$ref": "desc/util/twistlock_tas_tile_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "operationId": "get-util-tas-tile", + "summary": "Download VMware TAS Tile for Prisma Cloud Compute" + } + }, + "/api/v32.06/_ping": { + "get": { + "description": { + "$ref": "desc/_ping/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "_Ping" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-_ping", + "summary": "Ping" + } + }, + "/api/v32.06/agentless/progress": { + "get": { + "description": { + "$ref": "desc/agentless/get_agentless_progress.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-agentless-progress", + "summary": "View the Agentless Scan Progress" + } + }, + "/api/v32.06/agentless/scan": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_scan.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-agentless-scan", + "summary": "Start Agentless Scan" + } + }, + "/api/v32.06/agentless/stop": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_stop.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-agentless-stop", + "summary": "Stop an Ongoing Scan" + } + }, + "/api/v32.06/agentless/templates": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_templates.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.AgentlessResourceTemplatesRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-agentless-templates", + "summary": "Download Agentless Permission Templates" + } + }, + "/api/v32.06/application-control/host": { + "get": { + "description": { + "$ref": "desc/application-control/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_applicationcontrol.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-application-control-host", + "summary": "Host Application Control Rule" + }, + "put": { + "description": { + "$ref": "desc/application-control/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + }, + "description": "Rule represents an application control policy rule" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-application-control-host", + "summary": "Update Host Application Control Rules" + } + }, + "/api/v32.06/application-control/host/{id}": { + "delete": { + "description": { + "$ref": "desc/application-control/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-application-control-host-id", + "summary": "Delete a Host Application Control Rule" + } + }, + "/api/v32.06/audits/access": { + "get": { + "description": { + "$ref": "desc/audits/access_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-access", + "summary": "Get Docker Access Audit Events" + } + }, + "/api/v32.06/audits/access/download": { + "get": { + "description": { + "$ref": "desc/audits/access_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-access-download", + "summary": "Download Docker Access Audit Events" + } + }, + "/api/v32.06/audits/admission": { + "get": { + "description": { + "$ref": "desc/audits/admission_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_admission.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-admission", + "summary": "Get Admission Audit Events" + } + }, + "/api/v32.06/audits/admission/download": { + "get": { + "description": { + "$ref": "desc/audits/admission_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-admission-download", + "summary": "Download Admission Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-agentless", + "summary": "Get WAAS Agentless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/agentless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-agentless-download", + "summary": "Download WAAS Agentless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/agentless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-agentless-timeslice", + "summary": "Get WAAS Agentless Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-app-embedded-download", + "summary": "Download WAAS App-embedded Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/app-embedded/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-app-embedded-timeslice", + "summary": "Get WAAS App-embedded Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-container", + "summary": "Get WAAS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/container/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-container-download", + "summary": "Download WAAS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-container-timeslice", + "summary": "Get WAAS Container Audit Timeslice" + } + }, + "/api/v32.06/audits/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-host", + "summary": "Get WAAS Host Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/host/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-host-download", + "summary": "Download WAAS Host Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-host-timeslice", + "summary": "Get WAAS Host Audit Timeslice" + } + }, + "/api/v32.06/audits/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-serverless", + "summary": "Get WAAS Serverless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-serverless-download", + "summary": "Download WAAS Serverless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-serverless-timeslice", + "summary": "Get WAAS Serverless Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/firewall/network/container": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-container", + "summary": "Get CNNS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/network/container/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-container-download", + "summary": "Download CNNS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/network/host": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-host", + "summary": "Get CNNS Host Audit Events" + } + }, + "/api/v32.06/audits/firewall/network/host/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-host-download", + "summary": "Download CNNS Host Audit Events" + } + }, + "/api/v32.06/audits/incidents": { + "get": { + "description": { + "$ref": "desc/audits/incidents_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Incident" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-incidents", + "summary": "Get Incident Audit Events" + } + }, + "/api/v32.06/audits/incidents/acknowledge/{id}": { + "patch": { + "description": { + "$ref": "desc/audits/incidents_archive_patch.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Incident" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "patch-audits-incidents-acknowledge-id", + "summary": "Archive an Incident Audit Event" + } + }, + "/api/v32.06/audits/incidents/download": { + "get": { + "description": { + "$ref": "desc/audits/incidents_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-incidents-download", + "summary": "Download Incident Audit Events" + } + }, + "/api/v32.06/audits/kubernetes": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_kubeaudit.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-kubernetes", + "summary": "Get Kubernetes Audit Events" + } + }, + "/api/v32.06/audits/kubernetes/download": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-kubernetes-download", + "summary": "Download Kubernetes Audit Events" + } + }, + "/api/v32.06/audits/mgmt": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.MgmtAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-mgmt", + "summary": "Get Management Audit Events" + } + }, + "/api/v32.06/audits/mgmt/download": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-mgmt-download", + "summary": "Download Management Audit Events" + } + }, + "/api/v32.06/audits/mgmt/filters": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_filters_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.MgmtAuditFilters" + } + } + }, + "description": "MgmtAuditFilters are filters for management audit queries" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-mgmt-filters", + "summary": "Get Management Audit Event Filters" + } + }, + "/api/v32.06/audits/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-app-embedded", + "summary": "Get Runtime App-embedded Audit Events" + } + }, + "/api/v32.06/audits/runtime/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-app-embedded-download", + "summary": "Download Runtime App-embedded Audit Events" + } + }, + "/api/v32.06/audits/runtime/container": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-container", + "summary": "Get Runtime Container Audit Events" + } + }, + "/api/v32.06/audits/runtime/container/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-container-download", + "summary": "Download Runtime Container Audit Events" + } + }, + "/api/v32.06/audits/runtime/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-container-timeslice", + "summary": "Get Runtime Container Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/runtime/file-integrity": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.FileIntegrityEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-file-integrity", + "summary": "Get Runtime File Integrity Audit Events" + } + }, + "/api/v32.06/audits/runtime/file-integrity/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-file-integrity-download", + "summary": "Download Runtime File Integrity Audit Events" + } + }, + "/api/v32.06/audits/runtime/host": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-host", + "summary": "Get Runtime Host Audit Events" + } + }, + "/api/v32.06/audits/runtime/host/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-host-download", + "summary": "Download Runtime Host Audit Events" + } + }, + "/api/v32.06/audits/runtime/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-host-timeslice", + "summary": "Get Runtime Host Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/runtime/log-inspection": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.LogInspectionEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-log-inspection", + "summary": "Get Runtime Log Inspection Audit Events" + } + }, + "/api/v32.06/audits/runtime/log-inspection/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-log-inspection-download", + "summary": "Download Runtime Log Inspection Audit Events" + } + }, + "/api/v32.06/audits/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ProfileIDs are the profile ids to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile ids to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is an optional exact time constraint for the audit.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is a filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is a filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request id.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request id.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-serverless", + "summary": "Get Runtime Serverless Audit Events" + } + }, + "/api/v32.06/audits/runtime/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-serverless-download", + "summary": "Download Serverless Audit Events" + } + }, + "/api/v32.06/audits/runtime/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-serverless-timeslice", + "summary": "Get Runtime Serverless Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/trust": { + "get": { + "description": { + "$ref": "desc/audits/trust_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TrustAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-trust", + "summary": "Get Trust Audit Events" + } + }, + "/api/v32.06/audits/trust/download": { + "get": { + "description": { + "$ref": "desc/audits/trust_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-trust-download", + "summary": "Download Trust Audit Events" + } + }, + "/api/v32.06/authenticate": { + "post": { + "description": { + "$ref": "desc/authenticate/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationResponse" + } + } + }, + "description": "AuthenticationResponse returns the result of calling the authentication endpoint" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-authenticate", + "summary": "Get User Authentication Access Token" + } + }, + "/api/v32.06/authenticate-client": { + "post": { + "description": { + "$ref": "desc/authenticate-client/post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ConsoleAuthResponse" + } + } + }, + "description": "ConsoleAuthResponse represents the console certificates authentication response" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate-Client" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-authenticate-client", + "summary": "Get Client Authentication Access Token" + } + }, + "/api/v32.06/cloud/discovery": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery", + "summary": "Get Cloud Discovery Scan Results" + } + }, + "/api/v32.06/cloud/discovery/download": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery-download", + "summary": "Download Cloud Discovery Scan Results" + } + }, + "/api/v32.06/cloud/discovery/entities": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_entities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Defended is the defended filter.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery-entities", + "summary": "Get Discovered Cloud Entities" + } + }, + "/api/v32.06/cloud/discovery/scan": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-cloud-discovery-scan", + "summary": "Start a Cloud Discovery Scan" + } + }, + "/api/v32.06/cloud/discovery/stop": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-cloud-discovery-stop", + "summary": "Stop a Cloud Discovery Scan" + } + }, + "/api/v32.06/cloud/discovery/vms": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Region is the region filter.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Region is the region filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "HasDefender indicates only VMs with or without a defender should return.\n", + "in": "query", + "name": "hasDefender", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DiscoveredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery-vms", + "summary": "Get Discovered VMs" + } + }, + "/api/v32.06/coderepos-ci/evaluate": { + "post": { + "description": { + "$ref": "desc/coderepos-ci/post_resolve.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + }, + "description": "ScanResult holds a specific repository data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-coderepos-ci-evaluate", + "summary": "Resolve Code Repos" + } + }, + "/api/v32.06/collections": { + "get": { + "description": { + "$ref": "desc/collections/get.md" + }, + "parameters": [ + { + "description": "ExcludePrisma indicates to exclude Prisma collections.\n", + "in": "query", + "name": "excludePrisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "Prisma filters the collections originates from Prisma Cloud.\n", + "in": "query", + "name": "prisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "System.\n", + "in": "query", + "name": "system", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Collection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-collections", + "summary": "Get Collections" + }, + "post": { + "description": { + "$ref": "desc/collections/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-collections", + "summary": "Add a New Collection" + } + }, + "/api/v32.06/collections/{id}": { + "delete": { + "description": { + "$ref": "desc/collections/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-collections-id", + "summary": "Delete an Existing Collection" + }, + "put": { + "description": { + "$ref": "desc/collections/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-collections-id", + "summary": "Update an Existing Collection" + } + }, + "/api/v32.06/collections/{id}/usages": { + "get": { + "description": { + "$ref": "desc/collections/name_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Usage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-collections-id-usages", + "summary": "Get Policies for a Collection" + } + }, + "/api/v32.06/containers": { + "get": { + "description": { + "$ref": "desc/containers/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers", + "summary": "Get Container Scan Results" + } + }, + "/api/v32.06/containers/count": { + "get": { + "description": { + "$ref": "desc/containers/count_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers-count", + "summary": "Get Containers Count" + } + }, + "/api/v32.06/containers/download": { + "get": { + "description": { + "$ref": "desc/containers/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers-download", + "summary": "Download Container Scan Results" + } + }, + "/api/v32.06/containers/names": { + "get": { + "description": { + "$ref": "desc/containers/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers-names", + "summary": "Get Container Names" + } + }, + "/api/v32.06/containers/scan": { + "post": { + "description": { + "$ref": "desc/containers/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-containers-scan", + "summary": "Start a Container Scan" + } + }, + "/api/v32.06/credentials": { + "get": { + "description": { + "$ref": "desc/credentials/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the credential IDs to filter.\n", + "in": "query", + "name": "ids", + "schema": { + "description": "IDs are the credential IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.\n", + "in": "query", + "name": "cloud", + "schema": { + "type": "boolean" + } + }, + { + "description": "External indicates whether to fetch credentials imported from Prisma.\n", + "in": "query", + "name": "external", + "schema": { + "type": "boolean" + } + }, + { + "description": "AutoImported indicates whether to fetch credentials imported from Prisma automatically.\n", + "in": "query", + "name": "autoImported", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_cred.Credential" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-credentials", + "summary": "Get All Credentials" + }, + "post": { + "description": { + "$ref": "desc/credentials/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cred.Credential" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-credentials", + "summary": "Add Credentials" + } + }, + "/api/v32.06/credentials/{id}": { + "delete": { + "description": { + "$ref": "desc/credentials/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-credentials-id", + "summary": "Delete a Credential" + } + }, + "/api/v32.06/credentials/{id}/usages": { + "get": { + "description": { + "$ref": "desc/credentials/id_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.CredentialUsage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-credentials-id-usages", + "summary": "Get Credential Usages" + } + }, + "/api/v32.06/current/collections": { + "get": { + "description": { + "$ref": "desc/current/collections_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserCollection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-current-collections", + "summary": "User Collections" + } + }, + "/api/v32.06/current/projects": { + "get": { + "description": { + "$ref": "desc/current/projects_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserProject" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-current-projects", + "summary": "User Projects" + } + }, + "/api/v32.06/custom-compliance": { + "get": { + "description": { + "$ref": "desc/custom-compliance/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CustomComplianceCheck" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-custom-compliance", + "summary": "Get Custom Compliance Checks" + }, + "put": { + "description": { + "$ref": "desc/custom-compliance/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + }, + "description": "CustomComplianceCheck represents a custom compliance check entry" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-custom-compliance", + "summary": "Update Custom Compliance Checks" + } + }, + "/api/v32.06/custom-compliance/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-compliance/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-custom-compliance-id", + "summary": "Delete a Custom Compliance Check" + } + }, + "/api/v32.06/custom-rules": { + "get": { + "description": { + "$ref": "desc/custom-rules/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_customrules.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-custom-rules", + "summary": "Get Custom Rules" + } + }, + "/api/v32.06/custom-rules/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-rules/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-custom-rules-id", + "summary": "Delete a Custom Rule" + }, + "put": { + "description": { + "$ref": "desc/custom-rules/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/customrules.Rule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-custom-rules-id", + "summary": "Update a Custom Rule" + } + }, + "/api/v32.06/defenders": { + "get": { + "description": { + "$ref": "desc/defenders/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_defender.Defender" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders", + "summary": "Get Deployed Defenders" + } + }, + "/api/v32.06/defenders/app-embedded": { + "post": { + "description": { + "$ref": "desc/defenders/app_embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.AppEmbeddedEmbedRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-app-embedded", + "summary": "Generate a Docker File for App-embedded Defender" + } + }, + "/api/v32.06/defenders/daemonset.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/daemonset_yaml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-daemonset.yaml", + "summary": "Generate Daemonset Deployment YAML File" + } + }, + "/api/v32.06/defenders/download": { + "get": { + "description": { + "$ref": "desc/defenders/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-download", + "summary": "Download Deployed Defenders" + } + }, + "/api/v32.06/defenders/fargate.json": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_json_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + }, + "description": "FargateTask represents the generic fargate task AWS template" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-fargate.json", + "summary": "Generate a Protected JSON Fargate Task Definition" + } + }, + "/api/v32.06/defenders/fargate.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_yaml_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-fargate.yaml", + "summary": "Generate a Protected YAML Fargate Task Definition" + } + }, + "/api/v32.06/defenders/helm/twistlock-defender-helm.tar.gz": { + "post": { + "description": { + "$ref": "desc/defenders/helm_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-helm-twistlock-defender-helm.tar.gz", + "summary": "Generate a Helm Deployment Chart for Defender" + } + }, + "/api/v32.06/defenders/image-name": { + "get": { + "description": { + "$ref": "desc/defenders/image-name_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-image-name", + "summary": "Get Docker Image Name for Defender" + } + }, + "/api/v32.06/defenders/install-bundle": { + "get": { + "description": { + "$ref": "desc/defenders/install-bundle_get.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.DefenderInstallBundle" + } + } + }, + "description": "DefenderInstallBundle represents the install bundle for the defender" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-install-bundle", + "summary": "Get Certificate Bundle for Defender" + } + }, + "/api/v32.06/defenders/names": { + "get": { + "description": { + "$ref": "desc/defenders/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-names", + "summary": "Get Defender Names" + } + }, + "/api/v32.06/defenders/serverless/bundle": { + "post": { + "description": { + "$ref": "desc/defenders/serverless-bundle_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-serverless-bundle", + "summary": "Generate Serverless Bundle for Defender" + } + }, + "/api/v32.06/defenders/summary": { + "get": { + "description": { + "$ref": "desc/defenders/summary_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DefenderSummary" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-summary", + "summary": "Get Defenders Summary" + } + }, + "/api/v32.06/defenders/tas-cloud-controller-address": { + "get": { + "description": { + "$ref": "desc/defenders/tas-cloud-controller-address_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-tas-cloud-controller-address", + "summary": "Defenders Tas Cloud Controller Address" + } + }, + "/api/v32.06/defenders/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/upgrade_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-upgrade", + "summary": "Upgrade Connected Single Linux Defenders" + } + }, + "/api/v32.06/defenders/{id}": { + "delete": { + "description": { + "$ref": "desc/defenders/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-defenders-id", + "summary": "Delete a Defender" + } + }, + "/api/v32.06/defenders/{id}/features": { + "post": { + "description": { + "$ref": "desc/defenders/id_features_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Features" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Defender" + } + } + }, + "description": "Defender is an update about an agent starting" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-id-features", + "summary": "Update Defender Configuration" + } + }, + "/api/v32.06/defenders/{id}/restart": { + "post": { + "description": { + "$ref": "desc/defenders/id_restart_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-id-restart", + "summary": "Restart a Defender" + } + }, + "/api/v32.06/defenders/{id}/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/id_upgrade_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-id-upgrade", + "summary": "Upgrade a Defender" + } + }, + "/api/v32.06/feeds/custom/custom-vulnerabilities": { + "get": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + }, + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-feeds-custom-custom-vulnerabilities", + "summary": "Get Custom Vulnerability Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-feeds-custom-custom-vulnerabilities", + "summary": "Update Custom Vulnerability Feed" + } + }, + "/api/v32.06/feeds/custom/malware": { + "get": { + "description": { + "$ref": "desc/feeds/malware_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + }, + "description": "CustomMalwareFeed represent the custom malware" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-feeds-custom-malware", + "summary": "Get Custom Malware Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/malware_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-feeds-custom-malware", + "summary": "Update Custom Malware Feed" + } + }, + "/api/v32.06/groups": { + "get": { + "description": { + "$ref": "desc/groups/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Groups" + } + } + }, + "description": "Groups represents a list of groups" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-groups", + "summary": "Get Groups" + }, + "post": { + "description": { + "$ref": "desc/groups/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-groups", + "summary": "Add a Group" + } + }, + "/api/v32.06/groups/names": { + "get": { + "description": { + "$ref": "desc/groups/names.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-groups-names", + "summary": "Get Group Names" + } + }, + "/api/v32.06/groups/{id}": { + "delete": { + "description": { + "$ref": "desc/groups/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-groups-id", + "summary": "Delete a Group" + }, + "put": { + "description": { + "$ref": "desc/groups/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-groups-id", + "summary": "Update a Group" + } + }, + "/api/v32.06/hosts": { + "get": { + "description": { + "$ref": "desc/hosts/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-hosts", + "summary": "Get Host Scan Results" + } + }, + "/api/v32.06/hosts/download": { + "get": { + "description": { + "$ref": "desc/hosts/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-hosts-download", + "summary": "Download Host Scan Results" + } + }, + "/api/v32.06/hosts/evaluate": { + "post": { + "description": { + "$ref": "desc/hosts/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-hosts-evaluate", + "summary": "Resolve Hosts" + } + }, + "/api/v32.06/hosts/info": { + "get": { + "description": { + "$ref": "desc/hosts/info_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-hosts-info", + "summary": "Get Host Information" + } + }, + "/api/v32.06/hosts/scan": { + "post": { + "description": { + "$ref": "desc/hosts/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-hosts-scan", + "summary": "Start a Host Scan" + } + }, + "/api/v32.06/images": { + "get": { + "description": { + "$ref": "desc/images/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images", + "summary": "Get Image Scan Results" + } + }, + "/api/v32.06/images/download": { + "get": { + "description": { + "$ref": "desc/images/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images-download", + "summary": "Download Image Scan Results" + } + }, + "/api/v32.06/images/evaluate": { + "post": { + "description": { + "$ref": "desc/images/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-images-evaluate", + "summary": "Resolve Images" + } + }, + "/api/v32.06/images/names": { + "get": { + "description": { + "$ref": "desc/images/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images-names", + "summary": "Get Image Names" + } + }, + "/api/v32.06/images/scan": { + "post": { + "description": { + "$ref": "desc/images/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ImageScanOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-images-scan", + "summary": "Start Image Scan" + } + }, + "/api/v32.06/images/twistlock_defender_app_embedded.tar.gz": { + "get": { + "description": { + "$ref": "desc/images/twistlock_defender_app_embedded_tar_gz_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images-twistlock_defender_app_embedded.tar.gz", + "summary": "Download App Embedded Defender" + } + }, + "/api/v32.06/images/twistlock_defender_layer.zip": { + "post": { + "description": { + "$ref": "desc/images/twistlock_defender_layer_zip_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessLayerBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-images-twistlock_defender_layer.zip", + "summary": "Download Serverless Layer Bundle" + } + }, + "/api/v32.06/policies/compliance/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-ci-images", + "summary": "Get Continuous Integration (CI) Image Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-ci-images", + "summary": "Update Continuous Integration (CI) Image Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-ci-serverless", + "summary": "Get Continuous Integration (CI) Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-ci-serverless", + "summary": "Update Continuous Integration (CI) Serverless Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/container": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-container", + "summary": "Get Container Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-container", + "summary": "Update Container Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-container-impacted", + "summary": "Get Impacted Container Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/host": { + "get": { + "description": { + "$ref": "desc/policies/compliance_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-host", + "summary": "Get Host Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-host", + "summary": "Update Host Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-serverless", + "summary": "Get Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-serverless", + "summary": "Update Serverless Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/vms/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_vms_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-vms-impacted", + "summary": "Get Impacted VMs Compliance Policy" + } + }, + "/api/v32.06/policies/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless", + "summary": "Get Agentless App Firewall Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-agentless", + "summary": "Set Agentless App Firewall Policy" + } + }, + "/api/v32.06/policies/firewall/app/agentless/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigMirroredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless-impacted", + "summary": "Get Agentless App Firewall Policy Impacted" + } + }, + "/api/v32.06/policies/firewall/app/agentless/resources": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ConfigID is the ID of the VPC configuration.\n", + "in": "query", + "name": "configID", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless-resources", + "summary": "Get Agentless App Firewall Policy Resources" + } + }, + "/api/v32.06/policies/firewall/app/agentless/state": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_state_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.AgentlessPolicyState" + } + } + }, + "description": "AgentlessPolicyState is the state of the agentless policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless-state", + "summary": "Get Agentless App Firewall Policy State" + } + }, + "/api/v32.06/policies/firewall/app/apispec": { + "post": { + "description": { + "$ref": "desc/policies/firewall_app_apispec_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.APISpec" + } + } + }, + "description": "APISpec is an API specification" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-firewall-app-apispec", + "summary": "Generate a WAAS API Specification Object" + } + }, + "/api/v32.06/policies/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-app-embedded", + "summary": "Update WAAS App-embedded Policy" + } + }, + "/api/v32.06/policies/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-container", + "summary": "Get WAAS Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-container", + "summary": "Update WAAS Container Policy" + } + }, + "/api/v32.06/policies/firewall/app/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-container-impacted", + "summary": "Container App Firewall Policy Impacted" + } + }, + "/api/v32.06/policies/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-host", + "summary": "Get WAAS Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-host", + "summary": "Update WAAS Host Policy" + } + }, + "/api/v32.06/policies/firewall/app/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-host-impacted", + "summary": "Host App Firewall Policy Impacted" + } + }, + "/api/v32.06/policies/firewall/app/network-list": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.NetworkList" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-network-list", + "summary": "Get WAAS Network List" + }, + "post": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-firewall-app-network-list", + "summary": "Add WAAS Network List" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-network-list", + "summary": "Update WAAS Network List" + } + }, + "/api/v32.06/policies/firewall/app/network-list/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-policies-firewall-app-network-list-id", + "summary": "Delete WAAS Network List" + } + }, + "/api/v32.06/policies/firewall/app/out-of-band": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-out-of-band", + "summary": "Get Out-of-Band WAAS Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-out-of-band", + "summary": "Update Out-of-Band WAAS Policy" + } + }, + "/api/v32.06/policies/firewall/app/out-of-band/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.ImpactedOutOfBandEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-out-of-band-impacted", + "summary": "Get Impacted Resources for Out-of-Band WAAS Policy" + } + }, + "/api/v32.06/policies/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-serverless", + "summary": "Get WAAS Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-serverless", + "summary": "Update WAAS Serverless Policy" + } + }, + "/api/v32.06/policies/firewall/network": { + "get": { + "description": { + "$ref": "desc/policies/firewall_network_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + }, + "description": "Policy holds the data for firewall policies (host and container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-network", + "summary": "Get CNNS Container and Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_network_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-network", + "summary": "Update CNNS Container and Host Policy" + } + }, + "/api/v32.06/policies/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + }, + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-app-embedded", + "summary": "Get Runtime App-embedded Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-app-embedded", + "summary": "Add Runtime App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-app-embedded", + "summary": "Update Runtime App-embedded Policy" + } + }, + "/api/v32.06/policies/runtime/container": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + }, + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-container", + "summary": "Get Runtime Container Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_container_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-container", + "summary": "Update Runtime Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-container", + "summary": "Set Container Runtime Policy" + } + }, + "/api/v32.06/policies/runtime/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-container-impacted", + "summary": "Update Runtime Impacted Container Policy" + } + }, + "/api/v32.06/policies/runtime/host": { + "get": { + "description": { + "$ref": "desc/policies/runtime_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + }, + "description": "HostPolicy represents a host runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-host", + "summary": "Get Runtime Host Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_host_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-host", + "summary": "Update Runtime Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-host", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v32.06/policies/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/policies/runtime_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + }, + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-serverless", + "summary": "Get Runtime Serverless Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_serverless_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-serverless", + "summary": "Update Runtime Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-serverless", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v32.06/policies/vulnerability/base-images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.BaseImagesRule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-base-images", + "summary": "Get Base Images Rules" + }, + "post": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.BaseImagesRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-vulnerability-base-images", + "summary": "Add Base Images Rule" + } + }, + "/api/v32.06/policies/vulnerability/base-images/download": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_download.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-base-images-download", + "summary": "Download Base Images Rules" + } + }, + "/api/v32.06/policies/vulnerability/base-images/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-policies-vulnerability-base-images-id", + "summary": "Delete Base Images Rule" + } + }, + "/api/v32.06/policies/vulnerability/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-ci-images", + "summary": "Get CI Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-ci-images", + "summary": "Update CI Image Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-ci-serverless", + "summary": "Get CI Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-ci-serverless", + "summary": "Update CI Serverless Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/host": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-host", + "summary": "Get Host Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-host", + "summary": "Update Host Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-host-impacted", + "summary": "Get Impacted Host Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-images", + "summary": "Get Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-images", + "summary": "Update Image Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/images/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-images-impacted", + "summary": "Get Impacted Image Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-serverless", + "summary": "Get Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-serverless", + "summary": "Update Serverless Vulnerability Policy" + } + }, + "/api/v32.06/profiles/app-embedded": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppEmbeddedRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-app-embedded", + "summary": "Get App-embedded Profiles" + } + }, + "/api/v32.06/profiles/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-app-embedded-download", + "summary": "Download App-embedded Profiles" + } + }, + "/api/v32.06/profiles/container": { + "get": { + "description": { + "$ref": "desc/profiles/container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-container", + "summary": "Get Runtime Container Profiles" + } + }, + "/api/v32.06/profiles/container/download": { + "get": { + "description": { + "$ref": "desc/profiles/container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-container-download", + "summary": "Download Runtime Container Profiles" + } + }, + "/api/v32.06/profiles/container/learn": { + "post": { + "description": { + "$ref": "desc/profiles/container_learn_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-profiles-container-learn", + "summary": "Learn Runtime Container Profiles" + } + }, + "/api/v32.06/profiles/host": { + "get": { + "description": { + "$ref": "desc/profiles/host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_runtime.HostProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-host", + "summary": "Get Runtime Host Profiles" + } + }, + "/api/v32.06/profiles/host/download": { + "get": { + "description": { + "$ref": "desc/profiles/host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-host-download", + "summary": "Download Runtime Host Profiles" + } + }, + "/api/v32.06/registry": { + "get": { + "description": { + "$ref": "desc/registry/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry", + "summary": "Get Registry Scan Results" + } + }, + "/api/v32.06/registry/download": { + "get": { + "description": { + "$ref": "desc/registry/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry-download", + "summary": "Download Registry Scan Results" + } + }, + "/api/v32.06/registry/names": { + "get": { + "description": { + "$ref": "desc/registry/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry-names", + "summary": "Get Registry Image Names" + } + }, + "/api/v32.06/registry/progress": { + "get": { + "description": { + "$ref": "desc/registry/get_registry_progress.md" + }, + "parameters": [ + { + "description": "OnDemand indicates the requested progress is for an on-demand scan.\n", + "in": "query", + "name": "onDemand", + "schema": { + "type": "boolean" + } + }, + { + "description": "Registry is the image's registry.\n", + "in": "query", + "name": "registry", + "schema": { + "type": "string" + } + }, + { + "description": "Repository is the image's repository.\n", + "in": "query", + "name": "repo", + "schema": { + "type": "string" + } + }, + { + "description": "Tag is the image's tag.\n", + "in": "query", + "name": "tag", + "schema": { + "type": "string" + } + }, + { + "description": "Digest is the image's digest.\n", + "in": "query", + "name": "digest", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanProgress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry-progress", + "summary": "View Registry Scan Progress" + } + }, + "/api/v32.06/registry/scan": { + "post": { + "description": { + "$ref": "desc/registry/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-registry-scan", + "summary": "Start a Registry Scan" + } + }, + "/api/v32.06/registry/scan/select": { + "post": { + "description": { + "$ref": "desc/registry/scan_select_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-registry-scan-select", + "summary": "Scan Registries" + } + }, + "/api/v32.06/registry/stop": { + "post": { + "description": { + "$ref": "desc/registry/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-registry-stop", + "summary": "Stop a Registry Scan" + } + }, + "/api/v32.06/registry/stop/{id}": { + "post": { + "description": { + "$ref": "desc/registry/stop_id_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-registry-stop-id", + "summary": "Stop a Registry spec Scan" + } + }, + "/api/v32.06/sandbox": { + "post": { + "description": { + "$ref": "desc/sandbox/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + }, + "description": "ScanResult represents sandbox scan results" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sandbox" + ], + "x-prisma-cloud-target-env": { + "permission": "sandbox", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-sandbox", + "summary": "AddSandboxScanResult" + } + }, + "/api/v32.06/sbom/download/cli-images": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-sbom-download-cli-images", + "summary": "Download SBOM CI Images" + } + }, + "/api/v32.06/sbom/download/cli-serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-sbom-download-cli-serverless", + "summary": "Download SBOM CLI Serverless" + } + }, + "/api/v32.06/sbom/download/hosts": { + "get": { + "description": { + "$ref": "desc/sbom/download_hosts_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-sbom-download-hosts", + "summary": "Download SBOM Hosts" + } + }, + "/api/v32.06/sbom/download/images": { + "get": { + "description": { + "$ref": "desc/sbom/download_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-sbom-download-images", + "summary": "Download SBOM Images" + } + }, + "/api/v32.06/sbom/download/registry": { + "get": { + "description": { + "$ref": "desc/sbom/download_registry_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-sbom-download-registry", + "summary": "Download SBOM Registry" + } + }, + "/api/v32.06/sbom/download/serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-sbom-download-serverless", + "summary": "Download SBOM Serverless" + } + }, + "/api/v32.06/sbom/download/vms": { + "get": { + "description": { + "$ref": "desc/sbom/download_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-sbom-download-vms", + "summary": "Download SBOM VMs" + } + }, + "/api/v32.06/scans": { + "get": { + "description": { + "$ref": "desc/scans/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CLIScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-scans", + "summary": "Get All CI Image Scan Results" + }, + "post": { + "description": { + "$ref": "desc/scans/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CLIScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-scans", + "summary": "Add CLI Scan Result" + } + }, + "/api/v32.06/scans/download": { + "get": { + "description": { + "$ref": "desc/scans/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-scans-download", + "summary": "Download CI Image Scan Results" + } + }, + "/api/v32.06/scans/{id}": { + "get": { + "description": { + "$ref": "desc/scans/id_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-scans-id", + "summary": "Get CI Image Scan Results" + } + }, + "/api/v32.06/serverless": { + "get": { + "description": { + "$ref": "desc/serverless/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-serverless", + "summary": "Get Serverless Function Scan Results" + } + }, + "/api/v32.06/serverless/download": { + "get": { + "description": { + "$ref": "desc/serverless/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-serverless-download", + "summary": "Download Serverless Function Scan Results" + } + }, + "/api/v32.06/serverless/evaluate": { + "post": { + "description": { + "$ref": "desc/serverless/evaluate_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsResp" + } + } + }, + "description": "ResolveFunctionsResp represents the functions resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-serverless-evaluate", + "summary": "Resolve Functions" + } + }, + "/api/v32.06/serverless/names": { + "get": { + "description": { + "$ref": "desc/serverless/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-serverless-names", + "summary": "Get Serverless Function Names" + } + }, + "/api/v32.06/serverless/scan": { + "post": { + "description": { + "$ref": "desc/serverless/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-serverless-scan", + "summary": "Start Serverless Function Scan" + } + }, + "/api/v32.06/serverless/stop": { + "post": { + "description": { + "$ref": "desc/serverless/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-serverless-stop", + "summary": "Stop Serverless Function Scan" + } + }, + "/api/v32.06/settings/certificates": { + "post": { + "description": { + "$ref": "desc/settings/certificates_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-certificates", + "summary": "Add Certificate Settings for Clients Accessing a Custom CA" + } + }, + "/api/v32.06/settings/certs": { + "get": { + "description": { + "$ref": "desc/settings/certs_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + }, + "description": "CertSettings are the certificates settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-certs", + "summary": "Get Certificate Settings for Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/certs_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-certs", + "summary": "Add Certificate Settings for Prisma Cloud Compute" + } + }, + "/api/v32.06/settings/console-certificate": { + "post": { + "description": { + "$ref": "desc/settings/console-certificates_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ConsoleCertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-console-certificate", + "summary": "Add Certificate Settings for Clients Accessing Prisma Cloud Compute" + } + }, + "/api/v32.06/settings/custom-labels": { + "get": { + "description": { + "$ref": "desc/settings/custom-labels_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + }, + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-custom-labels", + "summary": "Get Alert Labels" + }, + "post": { + "description": { + "$ref": "desc/settings/custom-labels_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-custom-labels", + "summary": "Add Alert Labels" + } + }, + "/api/v32.06/settings/defender": { + "get": { + "description": { + "$ref": "desc/settings/defender_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Settings" + } + } + }, + "description": "Settings is the Defender settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-defender", + "summary": "Get Advanced Defender Settings" + } + }, + "/api/v32.06/settings/intelligence": { + "get": { + "description": { + "$ref": "desc/settings/intelligence_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + }, + "description": "IntelligenceSettings are the intelligence service settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-intelligence", + "summary": "Get Intelligence Stream Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/intelligence_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-intelligence", + "summary": "Add Intelligence Stream Settings" + } + }, + "/api/v32.06/settings/ldap": { + "get": { + "description": { + "$ref": "desc/settings/ldap_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + }, + "description": "LdapSettings are the ldap connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-ldap", + "summary": "Get LDAP Integration Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/ldap_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-ldap", + "summary": "Add LDAP Integration Settings" + } + }, + "/api/v32.06/settings/license": { + "get": { + "description": { + "$ref": "desc/settings/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.License" + } + } + }, + "description": "License represent the customer license" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-license", + "summary": "Get Prisma Cloud Compute License" + }, + "post": { + "description": { + "$ref": "desc/settings/license_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.LicenseRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "privilegedOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-license", + "summary": "Add Prisma Cloud Compute License" + } + }, + "/api/v32.06/settings/logging": { + "get": { + "description": { + "$ref": "desc/settings/logging_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + }, + "description": "LoggingSettings are the logging settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-logging", + "summary": "Get Logging Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logging_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-logging", + "summary": "Add Logging Settings" + } + }, + "/api/v32.06/settings/logon": { + "get": { + "description": { + "$ref": "desc/settings/logon_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + }, + "description": "LogonSettings are settings associated with the login properties" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-logon", + "summary": "Get Logon Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logon_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-logon", + "summary": "Add Logon Settings" + } + }, + "/api/v32.06/settings/oauth": { + "get": { + "description": { + "$ref": "desc/settings/oauth_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-oauth", + "summary": "Get OAuth Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/oauth_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-oauth", + "summary": "Add OAuth Settings" + } + }, + "/api/v32.06/settings/oidc": { + "get": { + "description": { + "$ref": "desc/settings/oidc_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-oidc", + "summary": "Get Open ID Connect Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/oidc_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-oidc", + "summary": "Add Open ID Connect Settings" + } + }, + "/api/v32.06/settings/proxy": { + "get": { + "description": { + "$ref": "desc/settings/proxy_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + }, + "description": "ProxySettings are the http proxy settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-proxy", + "summary": "Get Proxy Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/proxy_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-proxy", + "summary": "Add Proxy Settings for Prisma Cloud Compute" + } + }, + "/api/v32.06/settings/registry": { + "get": { + "description": { + "$ref": "desc/settings/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + }, + "description": "RegistrySettings contains each registry's unique settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-registry", + "summary": "Get Registry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/registry_post.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-registry", + "summary": "Add Registry Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/registry_put.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-settings-registry", + "summary": "Update Registry Settings" + } + }, + "/api/v32.06/settings/saml": { + "get": { + "description": { + "$ref": "desc/settings/saml_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + }, + "description": "SamlSettings are the saml connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-saml", + "summary": "Get SAML Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/saml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-saml", + "summary": "Add SAML Settings for Prisma Cloud Compute" + } + }, + "/api/v32.06/settings/scan": { + "get": { + "description": { + "$ref": "desc/settings/scan_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + }, + "description": "ScanSettings are global settings for image/host/container and registry scanning" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-scan", + "summary": "Get Global Scan Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-scan", + "summary": "Add Global Scan Settings" + } + }, + "/api/v32.06/settings/tas": { + "get": { + "description": { + "$ref": "desc/settings/tas_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-tas", + "summary": "Get TAS Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/tas_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-tas", + "summary": "Add TAS Settings" + } + }, + "/api/v32.06/settings/telemetry": { + "get": { + "description": { + "$ref": "desc/settings/telemetry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + }, + "description": "TelemetrySettings is the telemetry settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-telemetry", + "summary": "Get Telemetry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-telemetry", + "summary": "Enable or Disable Telemetry Settings" + } + }, + "/api/v32.06/settings/trusted-certificate": { + "post": { + "description": { + "$ref": "desc/settings/telemetry_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertData" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + } + } + }, + "description": "TrustedCertSignature represents a trusted cert settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-trusted-certificate", + "summary": "Add a Certificate to a Trusted Certificate List" + } + }, + "/api/v32.06/settings/trusted-certificates": { + "post": { + "description": { + "$ref": "desc/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-trusted-certificates", + "summary": "Add Trusted Certificate Settings" + } + }, + "/api/v32.06/settings/vm": { + "get": { + "description": { + "$ref": "desc/settings/vm_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-vm", + "summary": "Get VM Image Scan Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/vm_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-settings-vm", + "summary": "Update VM Image Scan Settings" + } + }, + "/api/v32.06/settings/wildfire": { + "get": { + "description": { + "$ref": "desc/settings/wildfire_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.WildFireSettings" + } + } + }, + "description": "WildFireSettings are the settings for WildFire API requests" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-wildfire", + "summary": "Wild Fire Settings" + } + }, + "/api/v32.06/stats/app-firewall/count": { + "get": { + "description": { + "$ref": "desc/stats/app_firewall_count_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-app-firewall-count", + "summary": "Application Firewall Count" + } + }, + "/api/v32.06/stats/compliance": { + "get": { + "description": { + "$ref": "desc/stats/compliance_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-compliance", + "summary": "Get Compliance Stats" + } + }, + "/api/v32.06/stats/compliance/download": { + "get": { + "description": { + "$ref": "desc/stats/compliance_download_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-compliance-download", + "summary": "Download Compliance Stats" + } + }, + "/api/v32.06/stats/compliance/refresh": { + "post": { + "description": { + "$ref": "desc/stats/compliance_refresh.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-stats-compliance-refresh", + "summary": "Refresh Compliance Stats" + } + }, + "/api/v32.06/stats/daily": { + "get": { + "description": { + "$ref": "desc/stats/daily_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.Stats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-daily", + "summary": "Get Daily Compliance Stats" + } + }, + "/api/v32.06/stats/dashboard": { + "get": { + "description": { + "$ref": "desc/stats/dashboard_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Trends" + } + } + }, + "description": "Trends contains data on global trends in the system" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-dashboard", + "summary": "Get Dashboard Stats" + } + }, + "/api/v32.06/stats/events": { + "get": { + "description": { + "$ref": "desc/stats/events_get.md" + }, + "parameters": [ + { + "description": "Collections are collections scoping the query.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Collections are collections scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountIDs are the account IDs scoping the query.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "AccountIDs are the account IDs scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.EventStats" + } + } + }, + "description": "EventStats holds counters for all event types" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-events", + "summary": "Get Event Stats" + } + }, + "/api/v32.06/stats/license": { + "get": { + "description": { + "$ref": "desc/stats/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LicenseStats" + } + } + }, + "description": "LicenseStats holds the console license stats" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-license", + "summary": "Get Event Stats" + } + }, + "/api/v32.06/stats/vulnerabilities": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities", + "summary": "Get Vulnerability (CVEs) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities-download", + "summary": "Download Vulnerability (CVEs) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/impacted-resources": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.VulnImpactedResources" + } + } + }, + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities-impacted-resources", + "summary": "Get Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/impacted-resources/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities-impacted-resources-download", + "summary": "Download Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/refresh": { + "post": { + "description": { + "$ref": "desc/stats/vulnerabilities_refresh_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-stats-vulnerabilities-refresh", + "summary": "Refresh Vulnerability Stats" + } + }, + "/api/v32.06/statuses/buildah": { + "get": { + "description": { + "$ref": "desc/statuses/buildah_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.BuildahFeatureStatus" + } + } + }, + "description": "BuildahFeatureStatus holds the response for the buildah feature status" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-statuses-buildah", + "summary": "Buildah Feature Status returns the buildah feature status" + } + }, + "/api/v32.06/statuses/registry": { + "get": { + "description": { + "$ref": "desc/statuses/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.ScanStatus" + } + } + }, + "description": "ScanStatus represents the status of current scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-statuses-registry", + "summary": "Get Registry Scan Status" + } + }, + "/api/v32.06/tags": { + "get": { + "description": { + "$ref": "desc/tags/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Tag" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tags", + "summary": "Get Tags" + }, + "post": { + "description": { + "$ref": "desc/tags/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tags", + "summary": "Add Tags" + } + }, + "/api/v32.06/tags/{id}": { + "delete": { + "description": { + "$ref": "desc/tags/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-tags-id", + "summary": "Delete a Tag" + }, + "put": { + "description": { + "$ref": "desc/tags/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-tags-id", + "summary": "Update a Tag" + } + }, + "/api/v32.06/tags/{id}/vuln": { + "delete": { + "description": { + "$ref": "desc/tags/tag_cve_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-tags-id-vuln", + "summary": "Delete Tag Vulnerability Metadata" + }, + "post": { + "description": { + "$ref": "desc/tags/tag_cve_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tags-id-vuln", + "summary": "Set Tag Vulnerability Metadata" + } + }, + "/api/v32.06/tas-droplets": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tas-droplets", + "summary": "Get TAS Droplets" + } + }, + "/api/v32.06/tas-droplets/addresses": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get_tas_addresses.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tas-droplets-addresses", + "summary": "TAS Cloud Controller Addresses" + } + }, + "/api/v32.06/tas-droplets/download": { + "get": { + "description": { + "$ref": "desc/tas-droplets/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tas-droplets-download", + "summary": "Download TAS Droplets" + } + }, + "/api/v32.06/tas-droplets/progress": { + "get": { + "description": { + "$ref": "desc/tas-droplets/progress_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tas-droplets-progress", + "summary": "View TAS Droplets Scan Progress" + } + }, + "/api/v32.06/tas-droplets/scan": { + "post": { + "description": { + "$ref": "desc/tas-droplets/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tas-droplets-scan", + "summary": "Scan TAS Droplets" + } + }, + "/api/v32.06/tas-droplets/stop": { + "post": { + "description": { + "$ref": "desc/tas-droplets/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tas-droplets-stop", + "summary": "Stop TAS Droplets Ongoing Scan" + } + }, + "/api/v32.06/trust/data": { + "get": { + "description": { + "$ref": "desc/trust/data_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + }, + "description": "Data holds the image trust data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-trust-data", + "summary": "Get Trusted Repository, Image, and Registry" + }, + "put": { + "description": { + "$ref": "desc/trust/data_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-trust-data", + "summary": "Update Trusted Repository, Image, and Registry" + } + }, + "/api/v32.06/users": { + "get": { + "description": { + "$ref": "desc/users/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.UserList" + } + } + }, + "description": "UserList represents a list of users" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-users", + "summary": "Get Users" + }, + "post": { + "description": { + "$ref": "desc/users/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-users", + "summary": "Add Users" + }, + "put": { + "description": { + "$ref": "desc/users/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-users", + "summary": "Update Users" + } + }, + "/api/v32.06/users/password": { + "put": { + "description": { + "$ref": "desc/users/password_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.UserPassword" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-users-password", + "summary": "Update User Password" + } + }, + "/api/v32.06/users/{id}": { + "delete": { + "description": { + "$ref": "desc/users/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-users-id", + "summary": "Delete Users" + } + }, + "/api/v32.06/util/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-arm64-twistcli", + "summary": "Download ARM64 twistcli for Linux OS" + } + }, + "/api/v32.06/util/osx/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-osx-arm64-twistcli", + "summary": "Download ARM64 twistcli for MacOS" + } + }, + "/api/v32.06/util/osx/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-osx-twistcli", + "summary": "Download twistcli for MacOS" + } + }, + "/api/v32.06/util/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-twistcli", + "summary": "Download twistcli for Linux OS" + } + }, + "/api/v32.06/util/windows/twistcli.exe": { + "get": { + "description": { + "$ref": "desc/util/windows_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-windows-twistcli.exe", + "summary": "Download twistcli for Microsoft Windows" + } + }, + "/api/v32.06/version": { + "get": { + "description": { + "$ref": "desc/version/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Version" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-version", + "summary": "Get Prisma Cloud Compute Version" + } + }, + "/api/v32.06/vms": { + "get": { + "description": { + "$ref": "desc/vms/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms", + "summary": "Get VM Image Scan Results" + } + }, + "/api/v32.06/vms/download": { + "get": { + "description": { + "$ref": "desc/vms/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms-download", + "summary": "Download VM Image Scan Results" + } + }, + "/api/v32.06/vms/labels": { + "get": { + "description": { + "$ref": "desc/vms/labels_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms-labels", + "summary": "Get VM Image Tags" + } + }, + "/api/v32.06/vms/names": { + "get": { + "description": { + "$ref": "desc/vms/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms-names", + "summary": "Get VM Image Names" + } + }, + "/api/v32.06/vms/scan": { + "post": { + "description": { + "$ref": "desc/vms/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-vms-scan", + "summary": "Start VM Image Scan" + } + }, + "/api/v32.06/vms/stop": { + "post": { + "description": { + "$ref": "desc/vms/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-vms-stop", + "summary": "Stop VM Image Scan" + } + }, + "/api/v32.06/waas/openapi-scans": { + "post": { + "description": { + "$ref": "desc/waas/openapi-scans_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + } + } + }, + "description": "OpenAPIScan represents the OpenAPI file scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Waas" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-waas-openapi-scans", + "summary": "Scan OpenAPI Specification File for WAAS Observations" + } + } + }, + "tags": [ + { + "name": "Active-Assets" + }, + { + "name": "Agentless", + "description": { + "$ref": "desc/agentless/agentless.md" + } + }, + { + "name": "Alert-Profiles" + }, + { + "name": "Application-Control", + "description": { + "$ref": "desc/application-control/application-control.md" + } + }, + { + "name": "Audits", + "description": { + "$ref": "desc/audits/audits.md" + } + }, + { + "name": "Authenticate", + "description": { + "$ref": "desc/authenticate/authenticate.md" + } + }, + { + "name": "Authenticate-Client", + "description": { + "$ref": "desc/authenticate-client/authenticate-client.md" + } + }, + { + "name": "Backups" + }, + { + "name": "Bff" + }, + { + "name": "Ccs" + }, + { + "name": "Certs", + "description": { + "$ref": "desc/certs/certs.md" + } + }, + { + "name": "Cloud", + "description": { + "$ref": "desc/cloud/cloud.md" + } + }, + { + "name": "Cloud-Scan-Rules" + }, + { + "name": "Cloud-Security-Agent" + }, + { + "name": "Clustered-Db" + }, + { + "name": "Coderepos-Ci" + }, + { + "name": "Collections", + "description": { + "$ref": "desc/collections/collections.md" + } + }, + { + "name": "Config" + }, + { + "name": "Containers", + "description": { + "$ref": "desc/containers/containers.md" + } + }, + { + "name": "Credentials", + "description": { + "$ref": "desc/credentials/credentials.md" + } + }, + { + "name": "Current" + }, + { + "name": "Custom-Compliance", + "description": { + "$ref": "desc/custom-compliance/custom-compliance.md" + } + }, + { + "name": "Custom-Rules", + "description": { + "$ref": "desc/custom-rules/custom-rules.md" + } + }, + { + "name": "Cves" + }, + { + "name": "Defenders", + "description": { + "$ref": "desc/defenders/defenders.md" + } + }, + { + "name": "Deployment" + }, + { + "name": "Feeds", + "description": { + "$ref": "desc/feeds/feeds.md" + } + }, + { + "name": "Forensic" + }, + { + "name": "Groups", + "description": { + "$ref": "desc/groups/groups.md" + } + }, + { + "name": "Harbor" + }, + { + "name": "Hosts", + "description": { + "$ref": "desc/hosts/hosts.md" + } + }, + { + "name": "Images", + "description": { + "$ref": "desc/images/images.md" + } + }, + { + "name": "Kubernetes" + }, + { + "name": "Logout" + }, + { + "name": "Logs" + }, + { + "name": "Policies", + "description": { + "$ref": "desc/policies/policies.md" + } + }, + { + "name": "Profiles", + "description": { + "$ref": "desc/profiles/profiles.md" + } + }, + { + "name": "Projects" + }, + { + "name": "Radar" + }, + { + "name": "Rbac" + }, + { + "name": "Registry", + "description": { + "$ref": "desc/registry/registry.md" + } + }, + { + "name": "Registry-Count" + }, + { + "name": "Runtime" + }, + { + "name": "Sandbox", + "description": { + "$ref": "desc/sandbox/sandbox.md" + } + }, + { + "name": "Sbom", + "description": { + "$ref": "desc/sbom/sbom_intro.md" + } + }, + { + "name": "Scans", + "description": { + "$ref": "desc/scans/scans.md" + } + }, + { + "name": "Scripts" + }, + { + "name": "Security-Advisor" + }, + { + "name": "Serverless", + "description": { + "$ref": "desc/serverless/serverless.md" + } + }, + { + "name": "Settings", + "description": { + "$ref": "desc/settings/settings.md" + } + }, + { + "name": "Signup", + "description": { + "$ref": "desc/signup/signup.md" + } + }, + { + "name": "Static" + }, + { + "name": "Stats", + "description": { + "$ref": "desc/stats/stats.md" + } + }, + { + "name": "Statuses", + "description": { + "$ref": "desc/statuses/statuses.md" + } + }, + { + "description": "This API is an officially supported route", + "externalDocs": { + "url": "https://cdn.twistlock.com/docs/api/twistlock_api.html" + }, + "name": "Supported API" + }, + { + "name": "Tags", + "description": { + "$ref": "desc/tags/tags.md" + } + }, + { + "name": "Tas-Droplets" + }, + { + "name": "Trust", + "description": { + "$ref": "desc/trust/trust.md" + } + }, + { + "name": "Trusted-Images" + }, + { + "name": "Users", + "description": { + "$ref": "desc/users/users.md" + } + }, + { + "name": "Util", + "description": { + "$ref": "desc/util/util.md" + } + }, + { + "name": "Version", + "description": { + "$ref": "desc/version/version.md" + } + }, + { + "name": "Vms", + "description": { + "$ref": "desc/vms/vms.md" + } + }, + { + "name": "Waas" + }, + { + "name": "Xsoar-Alerts" + }, + { + "name": "_Ping", + "description": { + "$ref": "desc/_ping/_ping.md" + } + } + ] +} \ No newline at end of file diff --git a/openapi-specs/cspm/Alerts.json b/openapi-specs/cspm/Alerts.json index eaa6c4afc..a1374bc2f 100644 --- a/openapi-specs/cspm/Alerts.json +++ b/openapi-specs/cspm/Alerts.json @@ -360,7 +360,7 @@ "type": "string" }, "reason": { - "description": "Reason", + "description": "The reason for an alert's status. For more information on Alert reasons see [View and Respond to Prisma Cloud Alerts](https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts) and [Prisma Cloud Alert Resolution Reasons](https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/prisma-cloud-alert-resolution-reasons)", "readOnly": true, "type": "string" }, diff --git a/openapi-specs/cspm/AlertsMicroServices.json b/openapi-specs/cspm/AlertsMicroServices.json index 802dd508f..a477c5f3d 100644 --- a/openapi-specs/cspm/AlertsMicroServices.json +++ b/openapi-specs/cspm/AlertsMicroServices.json @@ -1653,6 +1653,22 @@ } } }, + "CountDetails": { + "type": "object", + "description": "Total Count of Alerts and Policies returned", + "properties": { + "totalAlerts": { + "type": "integer", + "format": "int64", + "default": 100 + }, + "totalPolicies": { + "type": "integer", + "format": "int64", + "default": 30 + } + } + }, "TimeRangeConfigModel": { "required": [ "type" @@ -1674,7 +1690,6 @@ "Field for range": { "type": "string", "enum": [ - "lastOpenStateTs", "lastStatusChangeTs", "lastOpenStateTs" ] @@ -2176,6 +2191,9 @@ "$ref": "#/components/schemas/PolicyVO" } }, + "countDetails": { + "$ref": "#/components/schemas/CountDetails" + }, "nextPageToken": { "type": "string", "description": "token to fetch the next page" @@ -2390,6 +2408,9 @@ "groupBy": { "type": "string" }, + "countDetails": { + "$ref": "#/components/schemas/CountDetails" + }, "nextPageToken": { "type": "string" } diff --git a/openapi-specs/cspm/AuditLogs.json b/openapi-specs/cspm/AuditLogs.json index 6c5c7a22f..1e647fabd 100644 --- a/openapi-specs/cspm/AuditLogs.json +++ b/openapi-specs/cspm/AuditLogs.json @@ -59,6 +59,7 @@ "get": { "description": "Returns audit logs for events that took place on the Prisma Cloud platform.", "operationId": "rl-audit-logs", + "x-public": "true", "parameters": [ { "description": "Time Type", @@ -116,6 +117,9 @@ }, "400": { "description": "bad_request" + }, + "413": { + "description": "too_many_matching_results_reduce_time_range" } }, "security": [ diff --git a/openapi-specs/cspm/CDEMMicroServices.json b/openapi-specs/cspm/CDEMMicroServices.json index f9f44cdaf..7bf188943 100644 --- a/openapi-specs/cspm/CDEMMicroServices.json +++ b/openapi-specs/cspm/CDEMMicroServices.json @@ -1644,6 +1644,18 @@ "UNMAPPED" ] } + }, + "managedCommunication": { + "description": "This parameter is used to filter unmanaged assets based on the unmanaged assets communication with managed assets.\n\n The default value is **False**.\n\n True - To get all the unmanaged assets communicating with managed assets on Prisma Cloud.\n\n False - To get all the unmanaged assets that are not communicating with managed assets on Prisma Cloud.\n\n Empty array or specifying both [True, False] - To get all unmanaged assets irrespective of their connection with managed assets.\n", + "uniqueItems": true, + "type": "array", + "items": { + "type": "string", + "enum": [ + "TRUE", + "FALSE" + ] + } } } }, @@ -2087,6 +2099,18 @@ "UNMAPPED" ] } + }, + "managedCommunication": { + "description": "This parameter is used to filter unmanaged assets based on the unmanaged assets communication with managed assets.\n\n The default value is **False**.\n\n True - To get all the unmanaged assets communicating with managed assets on Prisma Cloud.\n\n False - To get all the unmanaged assets that are not communicating with managed assets on Prisma Cloud.\n\n Empty array or specifying both [True, False] - To get all unmanaged assets irrespective of their connection with managed assets.\n", + "uniqueItems": true, + "type": "array", + "items": { + "type": "string", + "enum": [ + "TRUE", + "FALSE" + ] + } } } }, @@ -2150,6 +2174,7 @@ "uniqueItems": true, "type": "array", "items": { + "title": "Service types", "type": "string" } }, @@ -2190,6 +2215,18 @@ "UNMAPPED" ] } + }, + "managedCommunication": { + "description": "This parameter is used to filter unmanaged assets based on the unmanaged assets communication with managed assets.\n\n The default value is **False**.\n\n True - To get all the unmanaged assets communicating with managed assets on Prisma Cloud.\n\n False - To get all the unmanaged assets that are not communicating with managed assets on Prisma Cloud.\n\n Empty array or specifying both [True, False] - To get all unmanaged assets irrespective of their connection with managed assets.\n", + "uniqueItems": true, + "type": "array", + "items": { + "type": "string", + "enum": [ + "TRUE", + "FALSE" + ] + } } } }, @@ -2972,6 +3009,18 @@ "UNMAPPED" ] } + }, + "managedCommunication": { + "description": "This parameter is used to filter unmanaged assets based on the unmanaged assets communication with managed assets.\n\n The default value is **False**.\n\n True - To get all the unmanaged assets communicating with managed assets on Prisma Cloud.\n\n False - To get all the unmanaged assets that are not communicating with managed assets on Prisma Cloud.\n\n Empty array or specifying both [True, False] - To get all unmanaged assets irrespective of their connection with managed assets.\n", + "uniqueItems": true, + "type": "array", + "items": { + "type": "string", + "enum": [ + "TRUE", + "FALSE" + ] + } } } } diff --git a/openapi-specs/cspm/SearchMicroService.json b/openapi-specs/cspm/SearchMicroService.json index 6e3401e01..59add4bdc 100644 --- a/openapi-specs/cspm/SearchMicroService.json +++ b/openapi-specs/cspm/SearchMicroService.json @@ -162,7 +162,7 @@ "Search" ], "summary": "Perform Config Search by Query", - "description": "Returns the results of an RQL config query. With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations.", + "description": "Returns the results of an RQL config query. With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations.\n\nWhen a query returns over 100 results, use the value of `nextPageToken` as the request parameter `pageToken` in the [Get The Next Search Page](/prisma-cloud/api/cspm/search-config-page/) endpoint to retrieve the next page of search results.", "operationId": "search-config-by-query", "requestBody": { "description": "Config rule search by query request parameters model", @@ -317,7 +317,7 @@ "Search" ], "summary": "Perform Config Search V2", - "description": "* Returns the results of an RQL config query.\n* With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations. \n* The request specification now includes the startTime value, indicating the start time for the search. Additionally, the end time is implicitly set to the current system time. \n* The response has been updated to the transition of the value associated with 'resourceType' to newer and more descriptive name. (Ex: Instance to \"EC2 Instance\" for config query to list all EC2 instances). Additionally, A new field 'resourceTypeId' is introduced, which serves as a unique identifier for the resourceType", + "description": "* Returns the results of an RQL config query.\n* With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations. \n* The request specification now includes the startTime value, indicating the start time for the search. Additionally, the end time is implicitly set to the current system time. \n* The response has been updated to the transition of the value associated with 'resourceType' to newer and more descriptive name. (Ex: Instance to \"EC2 Instance\" for config query to list all EC2 instances). Additionally, A new field 'resourceTypeId' is introduced, which serves as a unique identifier for the resourceType.\n\nWhen a query returns over 100 results, use the value of `nextPageToken` as the request parameter `pageToken` in the [Get The Next Search Page](/prisma-cloud/api/cspm/search-config-page/) endpoint to retrieve the next page of search results.", "operationId": "search-config-v2", "requestBody": { "description": "Config rule search by query request parameters model", @@ -626,7 +626,7 @@ "Search" ], "summary": "Get The Next Config Search Page", - "description": "Returns the next page of search results, using a token provided from the previous page. Used for when there are over 100 search results for a given RQL query.", + "description": "Returns the next page of search results, using a token provided from the previous page. Used for when there are over 100 search results for a given RQL query.\n\nAn initial config search request will return `nextPageToken` that can be used for the request paramater `pageToken`.\n", "operationId": "search-config-page", "requestBody": { "description": "Config rule page parameters model", diff --git a/openapi-specs/cspm/UVEDashboardMicroService.json b/openapi-specs/cspm/UVEDashboardMicroService.json index 394deabb4..a99304f83 100644 --- a/openapi-specs/cspm/UVEDashboardMicroService.json +++ b/openapi-specs/cspm/UVEDashboardMicroService.json @@ -7,14 +7,14 @@ "tags": [ { "name": "Vulnerabilities Dashboard", - "description": "Vulnerabilities Dashboard(UVE) gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. The APIs in this section helps you to get the details that are displayed in the Vulnerabilities Dashboard widget based on various filters. You can asses the vulnerabilities and create request to remediate or mitigate the vulnerability. For more information about the Vulnerabilities Dashboard, see [Vulnerabilities Dashboard](https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities)." + "description": "Vulnerabilities Dashboard(UVE) gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. The APIs in this section helps you to get the details that are displayed in the Vulnerabilities Dashboard widget based on various filters. You can asses the vulnerabilities and create request to remediate or mitigate the vulnerability. For more information about the Vulnerabilities Dashboard, see [Vulnerabilities Dashboard](https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities). \n>**Note:** You need specific access permission to use the endpoints in this category. For details on the required permissions, see the respective endpoint description. " } ], "paths": { "/uve/api/v1/dashboard/vulnerabilities/overview": { "get": { "summary": "Get Vulnerability Overview", - "description": "Returns a summary of the total vulnerabilities in your environment which is further divided into Vulnerabilities by Asset and Vulnerabilities that have already been remediated.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Returns a summary of the total vulnerabilities in your environment which is further divided into Vulnerabilities by Asset and Vulnerabilities that have already been remediated.\n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -107,7 +107,7 @@ } }, "x-public": "true", - "x-ga": "24.1.1-darwin", + "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] @@ -118,7 +118,7 @@ "/uve/api/v2/dashboard/vulnerabilities/overview": { "get": { "summary": "Get Vulnerability Overview V2", - "description": "Returns a summary of the total runtime vulnerabilities in your environment which is further divided into runtime Vulnerabilities by Asset and Vulnerabilities that have already been remediated.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Returns a summary of the total runtime vulnerabilities in your environment which is further divided into runtime Vulnerabilities by Asset and Vulnerabilities that have already been remediated.\n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -176,7 +176,7 @@ } }, "x-public": "true", - "x-ga": "24.2.1-darwin", + "x-ga": "24.2.1", "security": [ { "x-redlock-auth": [] @@ -187,7 +187,7 @@ "/uve/api/v1/dashboard/vulnerabilities/prioritised": { "get": { "summary": "Get Prioritized Vulnerabilities", - "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use. \n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -280,7 +280,7 @@ } }, "x-public": "true", - "x-ga": "24.1.1-darwin", + "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] @@ -291,7 +291,7 @@ "/uve/api/v2/dashboard/vulnerabilities/prioritised": { "get": { "summary": "Get Prioritized Vulnerabilities V2", - "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. \n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -395,7 +395,7 @@ "/uve/api/v3/dashboard/vulnerabilities/prioritised": { "get": { "summary": "Get Prioritized Vulnerabilities V3", - "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in.\n This endpoint also returns vulnerabilities based on internet exposure, in addition to those from [Get Prioritized Vulnerabilities V2](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/). ", + "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in.\n This endpoint also returns vulnerabilities based on internet exposure, in addition to those from [Get Prioritized Vulnerabilities V2](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/). \n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled. ", "tags": [ "Vulnerabilities Dashboard" ], @@ -495,10 +495,113 @@ ] } }, + "/uve/api/v4/dashboard/vulnerabilities/prioritised": { + "get": { + "summary": "Get Prioritized Vulnerabilities V4", + "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. \n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled. ", + "tags": [ + "Vulnerabilities Dashboard" + ], + "operationId": "prioritised-vulnerability-v4", + "parameters": [ + { + "name": "asset_type", + "description": "Type of Asset", + "in": "query", + "required": true, + "schema": { + "type": "string", + "enum": [ + "iac", + "package", + "deployedImage", + "serverlessFunction", + "host", + "registryImage", + "vmImage" + ] + } + }, + { + "name": "life_cycle", + "description": "Life Cycle stage", + "in": "query", + "required": true, + "schema": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } + } + ], + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV3" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, "/uve/api/v1/dashboard/vulnerabilities/impact-stage": { "get": { "summary": "Get Vulnerability Impact by Stage", - "description": "Returns a summary of vulnerability across app stages of your application lifecycle.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Returns a summary of vulnerability across app stages of your application lifecycle.\n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -606,7 +709,7 @@ } }, "x-public": "true", - "x-ga": "24.1.1-darwin", + "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] @@ -617,7 +720,7 @@ "/uve/api/v1/dashboard/vulnerabilities/prioritised-vuln": { "get": { "summary": "Get Top Impacting Vulnerabilities", - "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. Each CVE includes risk factors, severity, CVSS, risk factors, and assets impacted.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. Each CVE includes risk factors, severity, CVSS, risk factors, and assets impacted.\n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -715,7 +818,7 @@ "/uve/api/v2/dashboard/vulnerabilities/prioritised-vuln": { "get": { "summary": "Get Top Impacting Vulnerabilities V2", - "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. Each CVE includes risk factors, epssScore, severity, CVSS, risk factors, and assets impacted.\n This endpoint returns the epss score details in addition to those from [Get Top Impacting Vulnerabilities](https://pan.dev/prisma-cloud/api/cspm/top-prioritised-vulnerability/).", + "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. Each CVE includes risk factors, epssScore, severity, CVSS, risk factors, and assets impacted.\n This endpoint returns the epss score details in addition to those from [Get Top Impacting Vulnerabilities](https://pan.dev/prisma-cloud/api/cspm/top-prioritised-vulnerability/). \n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -813,7 +916,7 @@ "/uve/api/v1/dashboard/vulnerabilities/cve-overview": { "get": { "summary": "Get CVE Overview", - "description": "Get the overview of the CVE with its CVSS score, the impacted stages, severity, risk factors, the package name, and the distros affected by this CVE.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Get the overview of the CVE with its CVSS score, the impacted stages, severity, risk factors, the package name, and the distributions affected by this CVE.", "tags": [ "Vulnerabilities Dashboard" ], @@ -973,7 +1076,7 @@ "/uve/api/v2/dashboard/vulnerabilities/burndown": { "get": { "summary": "Get Vulnerabilities Burndown", - "description": "Get the data for burndown chart.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Get the data for burndown chart.\n>**Note:** You need 'vulnerabilityDashboard' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], @@ -1081,7 +1184,7 @@ } }, "x-public": "true", - "x-ga": "24.2.1-darwin", + "x-ga": "24.2.1", "security": [ { "x-redlock-auth": [] @@ -1092,7 +1195,7 @@ "/uve/api/v1/dashboard/vulnerabilities/vuln-assets": { "post": { "summary": "Get Vulnerable Assets by CVE", - "description": "Get the list of all the assets affected by the CVE.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Get the list of all the assets affected by the CVE.", "tags": [ "Vulnerabilities Dashboard" ], diff --git a/openapi-specs/cspm/UVERemediationMicroservice.json b/openapi-specs/cspm/UVERemediationMicroservice.json index c229542f8..298d278e4 100644 --- a/openapi-specs/cspm/UVERemediationMicroservice.json +++ b/openapi-specs/cspm/UVERemediationMicroservice.json @@ -54,7 +54,7 @@ "tags": [ { "name": "Vulnerabilities Dashboard", - "description": "Vulnerabilities Dashboard(UVE) gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. The APIs in this section helps you to get the details that are displayed in the Vulnerabilities Dashboard widget based on various filters. You can asses the vulnerabilities and create request to remediate or mitigate the vulnerability. For more information about the Vulnerabilities Dashboard, see [Vulnerabilities Dashboard](https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities)." + "description": "Vulnerabilities Dashboard(UVE) gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. The APIs in this section helps you to get the details that are displayed in the Vulnerabilities Dashboard widget based on various filters. You can asses the vulnerabilities and create request to remediate or mitigate the vulnerability. For more information about the Vulnerabilities Dashboard, see [Vulnerabilities Dashboard](https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities).\n>**Note:** You need specific access permission to use the endpoints in this category. For details on the required permissions, see the respective endpoint description. " } ], "paths": { @@ -65,7 +65,7 @@ "Vulnerabilities Dashboard" ], "operationId": "fetch-Remediation-Status", - "description": "Get the remediation action status of assets. You can get the remediation status at two levels: \n- **Asset level** - Get the remediation status of an asset by asset ID\n- **Group level** - Get the remediation status of all assets of a specific asset type. To get group level status, specify only the asset type and not the asset ID.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Get the remediation action status of assets. You can get the remediation status at two levels: \n- **Asset level** - Get the remediation status of an asset by asset ID\n- **Group level** - Get the remediation status of all assets of a specific asset type. To get group level status, specify only the asset type and not the asset ID.\n\n>**Note:** You need 'vulnerabilityRemediation' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Alerts > Remediate Vulnerabilities** is enabled.", "requestBody": { "content": { "application/json": { @@ -156,7 +156,7 @@ } }, "x-public": "true", - "x-ga": "24.1.1-darwin", + "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] @@ -171,7 +171,7 @@ "Vulnerabilities Dashboard" ], "operationId": "create-Remediation-Request", - "description": "You create one of the following remediation action request for an asset or a set of assets:\n - Create a task or JIRA ticket \n - Create a merge request \n - Suppress the vulnerability \n\n Remediation action request can be created at the following levels:\n- **Asset level**- Perform remediation action on an asset by asset ID\n - **Group level**- Perform remediation action for all the assets of a particular asset type for a specified CVE ID \n - **Global level**- Perform remediation action on all assets of a specified CVE ID\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "You create one of the following remediation action request for an asset or a set of assets:\n - Create a task or JIRA ticket \n - Create a merge request \n - Suppress the vulnerability \n\n Remediation action request can be created at the following levels:\n- **Asset level**- Perform remediation action on an asset by asset ID\n - **Group level**- Perform remediation action for all the assets of a particular asset type for a specified CVE ID \n - **Global level**- Perform remediation action on all assets of a specified CVE ID. \n\n>**Note:** You need 'vulnerabilityRemediation' feature with 'Create' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Alerts > Remediate Vulnerabilities** is enabled.", "parameters": [ { "name": "template-id", @@ -334,7 +334,7 @@ } }, "x-public": "true", - "x-ga": "24.1.1-darwin", + "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] diff --git a/openapi-specs/cspm/UVESearchMicroService.json b/openapi-specs/cspm/UVESearchMicroService.json index 6850cadba..578faa84f 100644 --- a/openapi-specs/cspm/UVESearchMicroService.json +++ b/openapi-specs/cspm/UVESearchMicroService.json @@ -7,7 +7,7 @@ "tags": [ { "name": "Vulnerabilities Dashboard", - "description": "Vulnerabilities Dashboard(UVE) gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. The APIs in this section helps you to get the details that are displayed in the Vulnerabilities Dashboard widget based on various filters. You can asses the vulnerabilities and create request to remediate or mitigate the vulnerability. For more information about the Vulnerabilities Dashboard, see [Vulnerabilities Dashboard](https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities)." + "description": "Vulnerabilities Dashboard(UVE) gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. The APIs in this section helps you to get the details that are displayed in the Vulnerabilities Dashboard widget based on various filters. You can asses the vulnerabilities and create request to remediate or mitigate the vulnerability. For more information about the Vulnerabilities Dashboard, see [Vulnerabilities Dashboard](https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities).\n>**Note:** You need specific access permission to use the endpoints in this category. For details on the required permissions, see the respective endpoint description. " } ], "paths": { @@ -18,7 +18,7 @@ ], "operationId": "vulnerabilities-search-api", "summary": "Get Vulnerabilities by RQL", - "description": "Get the list of vulnerabilities and their details based on an RQL query. For vulnerability RQL query attributes, see [Vulnerability Query Attributes](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-attributes). For example queries, see [Vulnerability Query Examples](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-examples).\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Get the list of vulnerabilities and their details based on an RQL query. For vulnerability RQL query attributes, see [Vulnerability Query Attributes](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-attributes). For example queries, see [Vulnerability Query Examples](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-examples).\n\n To download all the vulnerabilities by RQL in a CSV format, see [Download All Vulnerabilities by RQL](https://pan.dev/prisma-cloud/api/cspm/download-vulnerability-csv-file-in-investigate-table-view/) \n>**Note:** You need 'investigateVulnerabilityRql' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Investigate > Vulnerability** is enabled.", "requestBody": { "required": true, "content": { @@ -83,7 +83,7 @@ } }, "x-public": "true", - "x-ga": "24.1.1-darwin", + "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] @@ -98,7 +98,7 @@ ], "operationId": "list-vulnerable-assets", "summary": "Get Vulnerable Assets by RQL", - "description": "Get the list of vulnerable Assets and their IDs based on an RQL query. For vulnerability RQL query attributes, see [Vulnerability Query Attributes](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-attributes). For example queries, see [Vulnerability Query Examples](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-examples).\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "description": "Get the list of vulnerable Assets and their IDs based on an RQL query. For vulnerability RQL query attributes, see [Vulnerability Query Attributes](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-attributes). For example queries, see [Vulnerability Query Examples](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-examples).\n>**Note:** You need 'investigateVulnerabilityRql' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Investigate > Vulnerability** is enabled.", "requestBody": { "required": true, "content": { @@ -176,8 +176,8 @@ "Vulnerabilities Dashboard" ], "operationId": "download-vulnerability-file", - "summary": "Download CVE Details", - "description": "Download the CVE details and impacted assets by CVE ID in a GZIP CSV format.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "summary": "Get CVE Details by ID", + "description": "Get the CVE details and impacted assets by CVE ID in a GZIP CSV format.\n>**Note:** You need 'investigateVulnerabilityRql' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Investigate > Vulnerability** is enabled.", "requestBody": { "required": true, "content": { @@ -232,7 +232,75 @@ } }, "x-public": "true", - "x-ga": "24.1.1-darwin", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/uve/api/v1/vulnerabilities/search/download": { + "post": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "operationId": "download-vulnerability-csv-file-in-investigate-table-view", + "summary": "Download All Vulnerabilities by RQL", + "description": "Download the list of vulnerabilities and their details based on an RQL query in a GZIP CSV format. Maximum of 10k records can be downloaded. For vulnerability RQL query attributes, see [Vulnerability Query Attributes](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-attributes). For example queries, see [Vulnerability Query Examples](https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-examples).\n>**Note:** You need 'investigateVulnerabilityRql' feature with 'View' permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VulnerabilitySearchRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/octet-stream": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "x-public": "true", "security": [ { "x-redlock-auth": [] @@ -302,6 +370,14 @@ "type": "integer", "description": "Total number of rows" }, + "totalVulnerabilities": { + "type": "integer", + "description": "Total number of vulnerabilities" + }, + "totalAssets": { + "type": "integer", + "description": "Total number of unique assets" + }, "items": { "type": "array", "items": { diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index 78f23ed75..850a62df9 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv @@ -448,6 +448,7 @@ "get","/uve/api/v1/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities","prioritised-vulnerability","Vulnerabilities Dashboard","UVEDashboardMicroService.json" "get","/uve/api/v2/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V2","prioritised-vulnerability-v2","Vulnerabilities Dashboard","UVEDashboardMicroService.json" "get","/uve/api/v3/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V3","prioritised-vulnerability-v3","Vulnerabilities Dashboard","UVEDashboardMicroService.json" +"get","/uve/api/v4/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V4","prioritised-vulnerability-v4","Vulnerabilities Dashboard","UVEDashboardMicroService.json" "get","/uve/api/v1/dashboard/vulnerabilities/impact-stage","Get Vulnerability Impact by Stage","vulnerability-impact-by-stage","Vulnerabilities Dashboard","UVEDashboardMicroService.json" "get","/uve/api/v1/dashboard/vulnerabilities/prioritised-vuln","Get Top Impacting Vulnerabilities","top-prioritised-vulnerability","Vulnerabilities Dashboard","UVEDashboardMicroService.json" "get","/uve/api/v2/dashboard/vulnerabilities/prioritised-vuln","Get Top Impacting Vulnerabilities V2","top-prioritised-vulnerability-v2","Vulnerabilities Dashboard","UVEDashboardMicroService.json" @@ -459,7 +460,8 @@ "post","/uve/api/v1/remediation/vuln-create-remediation","Create Remediation Request","create-Remediation-Request","Vulnerabilities Dashboard","Monolith" "post","/uve/api/v1/vulnerabilities/search","Get Vulnerabilities by RQL","vulnerabilities-search-api","Vulnerabilities Dashboard","UVESearchMicroService.json" "post","/uve/api/v1/vulnerabilities/search/asset","Get Vulnerable Assets by RQL","list-vulnerable-assets","Vulnerabilities Dashboard","UVESearchMicroService.json" -"post","/uve/api/v1/vulnerabilities/download","Download CVE Details","download-vulnerability-file","Vulnerabilities Dashboard","UVESearchMicroService.json" +"post","/uve/api/v1/vulnerabilities/download","Get CVE Details by ID","download-vulnerability-file","Vulnerabilities Dashboard","UVESearchMicroService.json" +"post","/uve/api/v1/vulnerabilities/search/download","Download All Vulnerabilities by RQL","download-vulnerability-csv-file-in-investigate-table-view","Vulnerabilities Dashboard","UVESearchMicroService.json" "get","/user/me","Profile","get-my-profile","User Profile","Monolith" "put","/user/me","Update Profile","update-my-profile","User Profile","Monolith" "get","/v3/user","List Users V3","get-user-profiles-v3","User Profile","Monolith" diff --git a/openapi-specs/cwpp/openapi-32-05-124-saas.json b/openapi-specs/cwpp/32-05/openapi-32-05-124-saas.json similarity index 100% rename from openapi-specs/cwpp/openapi-32-05-124-saas.json rename to openapi-specs/cwpp/32-05/openapi-32-05-124-saas.json diff --git a/openapi-specs/cwpp/desc/images/get.md b/openapi-specs/cwpp/desc/images/get.md index 6c82341b6..ec777ffb8 100644 --- a/openapi-specs/cwpp/desc/images/get.md +++ b/openapi-specs/cwpp/desc/images/get.md @@ -7,6 +7,10 @@ This endpoint maps to the image table in **Monitor > Compliance > Images > Deplo > _**Note:**_ The `image` object of the response was created for internal use of Prisma Cloud Compute for image scanning and analysis. Therefore, its inner fields are not saved in the database and will return empty in the endpoint response. You can get some of its values, such as `labels` and `history`, from the main structure of the response. +You can use the wildcard (*) character as input to filter the retrieved images. + +If no entry is present in the database, the search returns an empty list. + Consider the following available options to retrieve when you use the `fields` query parameter: - labels - repoTag.repo @@ -14,6 +18,7 @@ Consider the following available options to retrieve when you use the `fields` q - clusters - hosts - repoTag.tag + ### cURL Request Refer to the following cURL command that retrieves a compact scan report for all images: diff --git a/openapi-specs/cwpp/desc/sbom/download_ci_images_get.md b/openapi-specs/cwpp/desc/sbom/download_ci_images_get.md new file mode 100644 index 000000000..2ecc2a026 --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/download_ci_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for cli images according to the given options. \ No newline at end of file diff --git a/openapi-specs/cwpp/desc/sbom/download_ci_serverless_get.md b/openapi-specs/cwpp/desc/sbom/download_ci_serverless_get.md new file mode 100644 index 000000000..54800dca6 --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/download_ci_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for cli serverless according to the given options. diff --git a/openapi-specs/cwpp/desc/sbom/download_hosts_get.md b/openapi-specs/cwpp/desc/sbom/download_hosts_get.md new file mode 100644 index 000000000..248852739 --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/download_hosts_get.md @@ -0,0 +1 @@ +Downloads SBOM file for hosts according to the given options. \ No newline at end of file diff --git a/openapi-specs/cwpp/desc/sbom/download_images_get.md b/openapi-specs/cwpp/desc/sbom/download_images_get.md new file mode 100644 index 000000000..9b1f588de --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/download_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for images according to the given options. diff --git a/openapi-specs/cwpp/desc/sbom/download_registry_get.md b/openapi-specs/cwpp/desc/sbom/download_registry_get.md new file mode 100644 index 000000000..2b50c4e50 --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/download_registry_get.md @@ -0,0 +1 @@ +Downloads SBOM file for registries according to the given options. \ No newline at end of file diff --git a/openapi-specs/cwpp/desc/sbom/download_serverless_get.md b/openapi-specs/cwpp/desc/sbom/download_serverless_get.md new file mode 100644 index 000000000..53d4014f1 --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/download_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for serverless according to the given options. \ No newline at end of file diff --git a/openapi-specs/cwpp/desc/sbom/download_vms_get.md b/openapi-specs/cwpp/desc/sbom/download_vms_get.md new file mode 100644 index 000000000..d9488e475 --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/download_vms_get.md @@ -0,0 +1 @@ +Downloads SBOM file for vms according to the given options. \ No newline at end of file diff --git a/openapi-specs/cwpp/desc/sbom/sbom_intro.md b/openapi-specs/cwpp/desc/sbom/sbom_intro.md new file mode 100644 index 000000000..f67b0b685 --- /dev/null +++ b/openapi-specs/cwpp/desc/sbom/sbom_intro.md @@ -0,0 +1 @@ +These endpoints enable you to download the Software Bill of Materials (SBOM) \ No newline at end of file diff --git a/openapi-specs/cwpp/desc/settings/registry_post.md b/openapi-specs/cwpp/desc/settings/registry_post.md index 0fae2c481..efabf4e67 100644 --- a/openapi-specs/cwpp/desc/settings/registry_post.md +++ b/openapi-specs/cwpp/desc/settings/registry_post.md @@ -15,15 +15,15 @@ It can be one of the following strings: * Docker Trusted Registry: `dtr` * Google Container Registry: `gcr` * GitLab Container Registry: `gitlab` +* Harbor Registry: `harbor` * IBM Cloud Container Registry: `bluemix` * JFrog Artifactory: `jfrog` * Red Hat OpenShift: `redhat` * Sonatype Nexus: `sonatype` +**Note**: From Lagrange 22.11 release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. -**Note**: From 22.11 (Lagrange) release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. - -The API response returns an HTTP 400 error, if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. +The API response returns an HTTP 400 error if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. **cURL Request** @@ -53,8 +53,8 @@ Starting with 30.03, you can directly add a GitLab Container Registry. To add settings for a GitLab Container Registry, you must specify the following parameters: * **version**: Specify the value *gitlab* for GitLab Container Registry. -* **registry**: Specify the GitLab registry URL address. Example, for native registries, you can specify the address as "https://registry.gitlab.com" -* **credentialID**: Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has atleast the *read_api* scope. +* **registry**: Specify the GitLab registry URL address. For example, for native registries, you can specify the address as "https://registry.gitlab.com" +* **credentialID**: Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has at least the *read_api* scope. * **gitlabRegistrySpec**: Specify at least one of the following fields: * **userID**: Specify your GitLab user ID to add all registries associated with it. * **projectIDs**: Specify the project IDs to add all registries associated with a GitLab project. diff --git a/openapi-specs/cwpp/openapi-32-06-110-saas.json b/openapi-specs/cwpp/openapi-32-06-110-saas.json new file mode 100644 index 000000000..e20d68a0b --- /dev/null +++ b/openapi-specs/cwpp/openapi-32-06-110-saas.json @@ -0,0 +1,51408 @@ +{ + "components": { + "schemas": { + "-_admission.Audit": { + "items": { + "$ref": "#/components/schemas/admission.Audit" + }, + "type": "array" + }, + "-_api.AggregationPeriod": { + "items": { + "$ref": "#/components/schemas/api.AggregationPeriod" + }, + "type": "array" + }, + "-_api.AlertProfile": { + "items": { + "$ref": "#/components/schemas/api.AlertProfile" + }, + "type": "array" + }, + "-_applicationcontrol.Rule": { + "items": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + }, + "type": "array" + }, + "-_ccs.ConsoleMessage": { + "items": { + "$ref": "#/components/schemas/ccs.ConsoleMessage" + }, + "type": "array" + }, + "-_collection.Collection": { + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "-_collection.Usage": { + "items": { + "$ref": "#/components/schemas/collection.Usage" + }, + "type": "array" + }, + "-_cred.Credential": { + "items": { + "$ref": "#/components/schemas/cred.Credential" + }, + "type": "array" + }, + "-_customrules.Rule": { + "items": { + "$ref": "#/components/schemas/customrules.Rule" + }, + "type": "array" + }, + "-_defender.Defender": { + "items": { + "$ref": "#/components/schemas/defender.Defender" + }, + "type": "array" + }, + "-_deployment.DaemonSet": { + "items": { + "$ref": "#/components/schemas/deployment.DaemonSet" + }, + "type": "array" + }, + "-_forensic.ContainerEvent": { + "items": { + "$ref": "#/components/schemas/forensic.ContainerEvent" + }, + "type": "array" + }, + "-_forensic.HostEvent": { + "items": { + "$ref": "#/components/schemas/forensic.HostEvent" + }, + "type": "array" + }, + "-_kubeaudit.Audit": { + "items": { + "$ref": "#/components/schemas/kubeaudit.Audit" + }, + "type": "array" + }, + "-_kubeaudit.AuditSpecification": { + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "-_log.LogEntry": { + "items": { + "$ref": "#/components/schemas/log.LogEntry" + }, + "type": "array" + }, + "-_prisma.AlertIntegration": { + "items": { + "$ref": "#/components/schemas/prisma.AlertIntegration" + }, + "type": "array" + }, + "-_rbac.Role": { + "items": { + "$ref": "#/components/schemas/rbac.Role" + }, + "type": "array" + }, + "-_runtime.ContainerProfileHost": { + "items": { + "$ref": "#/components/schemas/runtime.ContainerProfileHost" + }, + "type": "array" + }, + "-_runtime.HostProfile": { + "items": { + "$ref": "#/components/schemas/runtime.HostProfile" + }, + "type": "array" + }, + "-_sandbox.ScanResult": { + "items": { + "$ref": "#/components/schemas/sandbox.ScanResult" + }, + "type": "array" + }, + "-_serverless.FunctionInfo": { + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + }, + "-_serverless.RadarFilter": { + "items": { + "$ref": "#/components/schemas/serverless.RadarFilter" + }, + "type": "array" + }, + "-_shared.AppEmbeddedRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.AppEmbeddedRuntimeProfile" + }, + "type": "array" + }, + "-_shared.AppFirewallAudit": { + "items": { + "$ref": "#/components/schemas/shared.AppFirewallAudit" + }, + "type": "array" + }, + "-_shared.Audit": { + "items": { + "$ref": "#/components/schemas/shared.Audit" + }, + "type": "array" + }, + "-_shared.BackupSpec": { + "items": { + "$ref": "#/components/schemas/shared.BackupSpec" + }, + "type": "array" + }, + "-_shared.CLIScanResult": { + "items": { + "$ref": "#/components/schemas/shared.CLIScanResult" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryAccount": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryAccount" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryEntity": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryEntity" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryRadar": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryRadar" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryResult": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryResult" + }, + "type": "array" + }, + "-_shared.CloudScanRule": { + "items": { + "$ref": "#/components/schemas/shared.CloudScanRule" + }, + "type": "array" + }, + "-_shared.ContainerNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ContainerRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.ContainerRuntimeProfile" + }, + "type": "array" + }, + "-_shared.ContainerScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ContainerScanResult" + }, + "type": "array" + }, + "-_shared.CustomComplianceCheck": { + "items": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + }, + "type": "array" + }, + "-_shared.FileIntegrityEvent": { + "items": { + "$ref": "#/components/schemas/shared.FileIntegrityEvent" + }, + "type": "array" + }, + "-_shared.HostActivity": { + "items": { + "$ref": "#/components/schemas/shared.HostActivity" + }, + "type": "array" + }, + "-_shared.HostInfo": { + "items": { + "$ref": "#/components/schemas/shared.HostInfo" + }, + "type": "array" + }, + "-_shared.HostNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ImageScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + }, + "-_shared.Incident": { + "items": { + "$ref": "#/components/schemas/shared.Incident" + }, + "type": "array" + }, + "-_shared.LambdaRuntimeType": { + "items": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "type": "array" + }, + "-_shared.LogInspectionEvent": { + "items": { + "$ref": "#/components/schemas/shared.LogInspectionEvent" + }, + "type": "array" + }, + "-_shared.MgmtAudit": { + "items": { + "$ref": "#/components/schemas/shared.MgmtAudit" + }, + "type": "array" + }, + "-_shared.Progress": { + "items": { + "$ref": "#/components/schemas/shared.Progress" + }, + "type": "array" + }, + "-_shared.RegionData": { + "items": { + "$ref": "#/components/schemas/shared.RegionData" + }, + "type": "array" + }, + "-_shared.RegistryScanProgress": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanProgress" + }, + "type": "array" + }, + "-_shared.RegistryScanRequest": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + }, + "type": "array" + }, + "-_shared.RuntimeAudit": { + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "-_shared.TASDropletSpecification": { + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "-_shared.Tag": { + "items": { + "$ref": "#/components/schemas/shared.Tag" + }, + "type": "array" + }, + "-_shared.TrustAudits": { + "items": { + "$ref": "#/components/schemas/shared.TrustAudits" + }, + "type": "array" + }, + "-_shared.VMSpecification": { + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "-_string": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "-_types.AgentlessHostStatus": { + "items": { + "$ref": "#/components/schemas/types.AgentlessHostStatus" + }, + "type": "array" + }, + "-_types.AlertProfileOption": { + "items": { + "$ref": "#/components/schemas/types.AlertProfileOption" + }, + "type": "array" + }, + "-_types.AuditTimeslice": { + "items": { + "$ref": "#/components/schemas/types.AuditTimeslice" + }, + "type": "array" + }, + "-_types.BaseImagesRule": { + "items": { + "$ref": "#/components/schemas/types.BaseImagesRule" + }, + "type": "array" + }, + "-_types.CVEStats": { + "items": { + "$ref": "#/components/schemas/types.CVEStats" + }, + "type": "array" + }, + "-_types.CVEVulnerability": { + "items": { + "$ref": "#/components/schemas/types.CVEVulnerability" + }, + "type": "array" + }, + "-_types.ClusterRadarInfo": { + "items": { + "$ref": "#/components/schemas/types.ClusterRadarInfo" + }, + "type": "array" + }, + "-_types.CredentialUsage": { + "items": { + "$ref": "#/components/schemas/types.CredentialUsage" + }, + "type": "array" + }, + "-_types.DefenderSummary": { + "items": { + "$ref": "#/components/schemas/types.DefenderSummary" + }, + "type": "array" + }, + "-_types.DefendersVersionCount": { + "items": { + "$ref": "#/components/schemas/types.DefendersVersionCount" + }, + "type": "array" + }, + "-_types.DiscoveredVM": { + "items": { + "$ref": "#/components/schemas/types.DiscoveredVM" + }, + "type": "array" + }, + "-_types.Endpoint": { + "items": { + "$ref": "#/components/schemas/types.Endpoint" + }, + "type": "array" + }, + "-_types.ImpactedOutOfBandEntity": { + "items": { + "$ref": "#/components/schemas/types.ImpactedOutOfBandEntity" + }, + "type": "array" + }, + "-_types.Project": { + "items": { + "$ref": "#/components/schemas/types.Project" + }, + "type": "array" + }, + "-_types.Stats": { + "items": { + "$ref": "#/components/schemas/types.Stats" + }, + "type": "array" + }, + "-_types.UserCollection": { + "items": { + "$ref": "#/components/schemas/types.UserCollection" + }, + "type": "array" + }, + "-_types.UserProject": { + "items": { + "$ref": "#/components/schemas/types.UserProject" + }, + "type": "array" + }, + "-_types.VulnerabilityStats": { + "items": { + "$ref": "#/components/schemas/types.VulnerabilityStats" + }, + "type": "array" + }, + "-_uint8": { + "items": { + "$ref": "#/components/schemas/uint8" + }, + "type": "array" + }, + "-_vuln.WildFireMalware": { + "items": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + }, + "type": "array" + }, + "-_waas.APIChangeDetails": { + "items": { + "$ref": "#/components/schemas/waas.APIChangeDetails" + }, + "type": "array" + }, + "-_waas.DiscoveredAPI": { + "items": { + "$ref": "#/components/schemas/waas.DiscoveredAPI" + }, + "type": "array" + }, + "-_waas.NetworkList": { + "items": { + "$ref": "#/components/schemas/waas.NetworkList" + }, + "type": "array" + }, + "-_waas.OpenAPIScan": { + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + }, + "type": "array" + }, + "-_waas.UnprotectedContainersWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedContainersWebApps" + }, + "type": "array" + }, + "-_waas.UnprotectedHostsWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedHostsWebApps" + }, + "type": "array" + }, + "-_waas.VPCConfigMirroredVM": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigMirroredVM" + }, + "type": "array" + }, + "-_waas.VPCConfigResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigResource" + }, + "type": "array" + }, + "admission.Audit": { + "description": "Audit represents an admission audit", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster where the audit took place.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "description": "Effect is the rule effect which was applied to the review which led to this audit.\n", + "type": "string" + }, + "kind": { + "description": "Kind is the type of object being manipulated. For example: Pod.\n", + "type": "string" + }, + "message": { + "description": "Message is the rule user defined message which appears on audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the request (if any).\n", + "type": "string" + }, + "operation": { + "description": "Operation is the operation being performed.\n", + "type": "string" + }, + "rawRequest": { + "description": "RawRequest is the original review request that caused this audit.\n", + "type": "string" + }, + "resource": { + "description": "Resource is the name of the resource being requested. This is not the kind. For example: pods.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule which issued this audit.\n", + "type": "string" + }, + "time": { + "description": "Time is the time at which the audit was generated.\n", + "format": "date-time", + "type": "string" + }, + "userGroups": { + "description": "UserGroups is the names of groups this user is a part of.\n", + "type": "string" + }, + "userUid": { + "description": "UserUID is a unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs.\n", + "type": "string" + }, + "username": { + "description": "Username is the name that uniquely identifies this user among all active users.\n", + "type": "string" + } + }, + "type": "object" + }, + "admission.Policy": { + "description": "Policy represents a policy enforced on Kubernetes admission reviews", + "properties": { + "_id": { + "description": "ID is the policy ID.\n", + "type": "string" + }, + "rules": { + "description": "Rules is a list of rules associated with the admission policy.\n", + "items": { + "$ref": "#/components/schemas/admission.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "admission.Rule": { + "description": "Rule represents an admission rule", + "properties": { + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the Rego script.\n", + "type": "string" + }, + "skipRawReq": { + "description": "SkipRawReq signals to exclude raw review request in a resulting admission audit.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "agentless.ImageScanResultErrCode": { + "description": "ImageScanResultErrCode represents the asset status error", + "type": "integer" + }, + "api.AggregationPeriod": { + "description": "AggregationPeriod represents a period over which alerts are aggregated", + "properties": { + "displayName": { + "description": "The display name of the aggregation period.\n", + "type": "string" + }, + "periodMS": { + "description": "The aggregation period's duration in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AlertClientType": { + "description": "AlertClientType represents the type of alert client (e.g., email, slack, ...)", + "type": "string" + }, + "api.AlertProfile": { + "description": "AlertProfile represents an alert profile (event type and recipients)", + "properties": { + "_id": { + "description": "ID is the alert profile ID.\n", + "type": "string" + }, + "consoleIdentifier": { + "description": "ConsoleIdentifier is the console identifier.\n", + "type": "string" + }, + "cortex": { + "$ref": "#/components/schemas/api.AlertProfileCortexSettings" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "email": { + "$ref": "#/components/schemas/api.AlertProfileEmailSettings" + }, + "external": { + "description": "External indicates that the profile is integrated through Prisma Cloud.\n", + "type": "boolean" + }, + "gcpPubsub": { + "$ref": "#/components/schemas/api.AlertProfileGcpPubsubSettings" + }, + "integrationID": { + "description": "IntegrationID is the ID identifying the provider configured in Prisma Cloud.\n", + "type": "string" + }, + "jira": { + "$ref": "#/components/schemas/api.AlertProfileJIRASettings" + }, + "lastError": { + "description": "LastError represents the last error when sending the profile.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pagerduty": { + "$ref": "#/components/schemas/api.AlertProfilePagerDutySettings" + }, + "policy": { + "additionalProperties": { + "$ref": "#/components/schemas/api.AlertRule" + }, + "description": "Policy contains the mapping between alert type to the applied alert rules.\n", + "type": "object" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "securityAdvisor": { + "$ref": "#/components/schemas/api.AlertProfileSecurityAdvisor" + }, + "securityCenter": { + "$ref": "#/components/schemas/api.AlertProfileSecurityCenterSettings" + }, + "securityHub": { + "$ref": "#/components/schemas/api.AlertProfileSecurityHubSettings" + }, + "serviceNow": { + "$ref": "#/components/schemas/api.AlertProfileServiceNowSettings" + }, + "slack": { + "$ref": "#/components/schemas/api.AlertProfileSlackSettings" + }, + "splunk": { + "$ref": "#/components/schemas/api.AlertProfileSplunkSettings" + }, + "sqs": { + "$ref": "#/components/schemas/api.AlertProfileSQSSettings" + }, + "vulnerabilityImmediateAlertsEnabled": { + "description": "VulnerabilityImmediateAlertsEnabled indicates whether an immediate vulnerability alert will be sent upon new image scan.\n", + "type": "boolean" + }, + "webhook": { + "$ref": "#/components/schemas/api.AlertProfileWebhookSettings" + } + }, + "type": "object" + }, + "api.AlertProfileCortexSettings": { + "description": "AlertProfileCortexSettings represents Cortex applications alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.CortexApp" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileEmailSettings": { + "description": "AlertProfileEmailSettings represents the alert profile Email settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Email authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "from": { + "description": "From is the from address of the mail.\n", + "type": "string" + }, + "labels": { + "description": "Labels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "port": { + "description": ".\n", + "type": "integer" + }, + "recipients": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "smtpAddress": { + "description": ".\n", + "type": "string" + }, + "ssl": { + "description": ".\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertProfileGcpPubsubSettings": { + "description": "AlertProfileGcpPubsubSettings is the GCP Pub/Sub alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the GCP Pub/Sub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the GCP Pub/Sub settings are enabled.\n", + "type": "boolean" + }, + "topic": { + "description": "Topic is the GCP Pub/Sub topic (used by subscribers to listen for messages).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileJIRASettings": { + "description": "AlertProfileJIRASettings represents the alert profile JIRA settings", + "properties": { + "assignee": { + "$ref": "#/components/schemas/api.JIRADynamicField" + }, + "baseUrl": { + "description": "BaseURL is the JIRA address.\n", + "type": "string" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the JIRA authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "issueType": { + "description": "IssueType is the type of the JIRA issue.\n", + "type": "string" + }, + "labels": { + "$ref": "#/components/schemas/api.JIRADynamicLabels" + }, + "priority": { + "description": "Priority is the issue priority.\n", + "type": "string" + }, + "projectKey": { + "$ref": "#/components/schemas/api.JIRADynamicField" + } + }, + "type": "object" + }, + "api.AlertProfilePagerDutySettings": { + "description": "AlertProfilePagerDutySettings represents the alert profile PagerDuty settings", + "properties": { + "enabled": { + "description": "Enabled is PagerDuty provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "routingKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "severity": { + "$ref": "#/components/schemas/api.PagerDutyAlertSeverity" + }, + "summary": { + "description": "Summary is the PagerDuty's event summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSQSSettings": { + "description": "AlertProfileSQSSettings represents the alert profile SQS settings", + "properties": { + "enabled": { + "description": "Enabled is the SQS provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to SQS.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityAdvisor": { + "description": "AlertProfileSecurityAdvisor is the IBM security advisor alert profile settings", + "properties": { + "auto": { + "description": "Automatic means the configuration was automatically provisioned by security advisor, and only notes should be created.\n", + "type": "boolean" + }, + "credentialID": { + "description": "CredentialID is the IBM security advisor credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security advisor settings are enabled.\n", + "type": "boolean" + }, + "findingsURL": { + "description": "FindingsURL is the URL to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the configured providerID (default twistlock).\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which security tokens should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityCenterSettings": { + "description": "AlertProfileSecurityCenterSettings is the google cloud security center alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Security Center authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "sourceID": { + "description": "SourceID is the google cloud security center organization source ID (used to construct security advisor findings).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityHubSettings": { + "description": "AlertProfileSecurityHubSettings is the AWS security hub alert profile settings", + "properties": { + "accountID": { + "description": "AccountID is the AWS account ID.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the SecurityHub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security hub settings are enabled.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the aws region.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileServiceNowSettings": { + "description": "AlertProfileServiceNowSettings represents the ServiceNow provider alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.ServiceNowApp" + }, + "assignee": { + "description": "Assignee is the ServiceNow user to whom will assign ServiceNow incidents\\items.\n", + "type": "string" + }, + "assignmentGroup": { + "description": "AssignmentGroup is the ServiceNow group of users handling security incidents.\n", + "type": "string" + }, + "auditPriority": { + "description": "AuditPriority is the priority at which to set audit alerts in security incidents.\n", + "type": "string" + }, + "caCert": { + "description": "CA certificate for on-premise ssl (optional).\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the ServiceNow authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is the ServiceNow provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "project": { + "description": "Project is the name of the prisma compute project that was used to generate this configuration. It's required as secondary consoles do not store their project name.\n", + "type": "string" + }, + "securityIncidentBaseURL": { + "description": "SecurityIncidentBaseURL is the ServiceNow address, used to send security incidents.\n", + "type": "string" + }, + "vulnerabilityEndpointUrl": { + "description": "VulnerabilityEndpointURL to report ServiceNow vulnerabilities, customer defined scripted REST API, see: https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/concept/c_CustomWebServices.html.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSlackSettings": { + "description": "AlertProfileSlackSettings represents the alert profile Slack settings", + "properties": { + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "webhookUrl": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSplunkSettings": { + "description": "AlertProfileSplunkSettings represents the alert profile Splunk settings", + "properties": { + "authToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server (optional).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Splunk provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to Splunk.\n", + "type": "string" + }, + "sourceType": { + "description": "SourceType is the alert source type.\n", + "type": "string" + }, + "url": { + "description": "URL is the Splunk HTTP event collector URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileWebhookSettings": { + "description": "AlertProfileWebhookSettings represents the alert profile Webhook settings", + "properties": { + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertRule": { + "description": "AlertRule represents the configuration of an alert type", + "properties": { + "allRules": { + "description": "AllRules controls whether an alert is sent out for audits on all policy rules.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "AssociatedRules defines the specific rules whose audits will generate alerts (relevant only if AllRules is false).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AlertSettings": { + "description": "AlertSettings are the global alert settings", + "properties": { + "aggregationPeriodMs": { + "description": "AggregationPeriodMs is the alert aggregation period in milliseconds.\n", + "type": "integer" + }, + "securityAdvisorWebhook": { + "description": "SecurityAdvisorWebhook is a webhook for IBM security advisor alert wizard, used to authenticate the wizard with the console and to pull data.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertType": { + "description": "AlertType represents an alert type", + "enum": [ + [ + "", + "defender", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "agentlessAppFirewall", + "networkFirewall", + "containerVulnerability", + "registryVulnerability", + "containerCompliance", + "hostVulnerability", + "hostCompliance", + "hostRuntime", + "incident", + "serverlessRuntime", + "kubernetesAudit", + "cloudDiscovery", + "admission", + "containerComplianceScan", + "hostComplianceScan", + "waasHealth", + "vmVulnerability", + "vmCompliance", + "containerSecurityEvents", + "hostSecurityEvents" + ] + ], + "type": "string" + }, + "api.AssetCountResponse": { + "properties": { + "activeAssetCount": { + "description": "ActiveAssetCount is the count of active assets.\n", + "type": "integer" + }, + "prismaApiId": { + "description": "PrismaAPIID is the queried Prisma API ID/asset type enum.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AssetListResponse": { + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "prismaApiId": { + "description": "PrismaAPIID is the queried Prisma API ID/asset type enum.\n", + "type": "integer" + }, + "value": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/api.AssetValue" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AssetValue": { + "properties": { + "cloudType": { + "description": ".\n", + "type": "string" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "uniqueResourceName": { + "description": "the external ID of the asset.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthType": { + "description": "AuthType is the user authentication type", + "enum": [ + [ + "saml", + "ldap", + "basic", + "oauth", + "oidc" + ] + ], + "type": "string" + }, + "api.AuthenticationRequest": { + "description": "AuthenticationRequest is the required user input for authentication requests", + "properties": { + "password": { + "description": "Password is the password used for authentication.\n", + "type": "string" + }, + "token": { + "description": "Token is the Prisma JWT token used for authentication.\n", + "type": "string" + }, + "username": { + "description": "Username is the username used for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthenticationResponse": { + "description": "AuthenticationResponse returns the result of calling the authentication endpoint", + "properties": { + "token": { + "description": "Token is the new JWT token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.BuildahFeatureStatus": { + "description": "BuildahFeatureStatus holds the response for the buildah feature status", + "properties": { + "enabled": { + "description": "Enabled is the buildah feature enabled/disabled indicator.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.CortexApp": { + "description": "CortexApp identifies a Cortex application (there are several)", + "enum": [ + [ + "xsoar", + "xdr" + ] + ], + "type": "string" + }, + "api.DefenderInstallScriptOptions": { + "description": "DefenderInstallScriptOptions holds the parameters for defender install script download", + "properties": { + "port": { + "description": "Port is the communication port between the defender and the console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + } + }, + "type": "object" + }, + "api.InitStatus": { + "description": "InitStatus returns whether the console is initialized (i.e., if initial user/password is set)", + "properties": { + "initialized": { + "description": "Initialized indicates whether the console is initialized.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.JIRADynamicField": { + "description": "JIRADynamicField represents a value that can be given as a string or as a dynamic label\nSee more: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-post", + "properties": { + "id": { + "description": "ID is the field ID.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the dynamic labels of which the value is based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the static string field.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.JIRADynamicLabels": { + "description": "JIRADynamicLabels represents JIRA labels that can be given as strings or as a dynamic label", + "properties": { + "labels": { + "description": "Labels are the dynamic labels of which JIRA labels are based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "names": { + "description": "Names are the static strings field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.LicenseRequest": { + "description": "LicenseRequest is a request to setup a new license", + "properties": { + "key": { + "description": "Key is the license key.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.PagerDutyAlertSeverity": { + "description": "PagerDutyAlertSeverity is the severity of an alert triggered in PagerDuty", + "enum": [ + [ + "critical", + "error", + "warning", + "info" + ] + ], + "type": "string" + }, + "api.Permission": { + "description": "Permission represents a user or group's permission to access a specific resource.\nCurrently supported resources are:\n- Project - Access to a specific project (if empty, the Master Project by default)\n- Collection - The set of collections in the project that may be accessed (all if empty)\nIf no permissions are assigned, all projects and collections may be accessed", + "properties": { + "collections": { + "description": "List of collections the user can access.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "project": { + "description": "Names of projects which the user can access.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.Permissions": { + "description": "Permissions is a list of permissions", + "items": { + "$ref": "#/components/schemas/api.Permission" + }, + "type": "array" + }, + "api.ProjectSettings": { + "description": "ProjectSettings are settings for supporting federated console", + "properties": { + "master": { + "description": "Master indicates that project feature is enabled and that this console is the master console.\n", + "type": "boolean" + }, + "redirectURL": { + "description": "RedirectURL is the redirectURL for the given project.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.ResolveFunctionsReq": { + "description": "ResolveFunctionsReq represents the parameters supported by the functions resolution API", + "properties": { + "functions": { + "description": "Functions is the list of functions to evaluate.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveFunctionsResp": { + "description": "ResolveFunctionsResp represents the functions resolution API output", + "properties": { + "functions": { + "description": "Functions is the list of functions that were resolved.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesReq": { + "description": "ResolveImagesReq represents the parameters supported by the images resolution API", + "properties": { + "images": { + "description": "Images is the list of image to resolve.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesResp": { + "description": "ResolveImagesResp represents the images resolution API output", + "properties": { + "images": { + "description": "Images is the list of images that were resolved.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ServiceNowApp": { + "description": "ServiceNowApp identifies a ServiceNow application (there are several)\nfor more details, see:\nhttps://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations/concept/security-operations-intro.html", + "enum": [ + [ + "securityIncidentsResponse", + "vulnerabilityResponse" + ] + ], + "type": "string" + }, + "api.User": { + "description": "User represents a user in Twistlock", + "properties": { + "authType": { + "$ref": "#/components/schemas/api.AuthType" + }, + "lastModified": { + "description": "Datetime when the user was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "password": { + "description": "Password for authentication.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "User role.\n", + "type": "string" + }, + "username": { + "description": "Username for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.UserList": { + "description": "UserList represents a list of users", + "items": { + "$ref": "#/components/schemas/api.User" + }, + "type": "array" + }, + "appembedded.FargateTask": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "FargateTask represents the generic fargate task AWS template", + "type": "object" + }, + "applicationcontrol.Application": { + "description": "Application contains data about allowed installed versions for an application", + "properties": { + "allowedVersions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "name": { + "description": "Name is the name of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "applicationcontrol.Rule": { + "description": "Rule represents an application control policy rule", + "properties": { + "_id": { + "description": "ID is the ID of the rule.\n", + "type": "integer" + }, + "applications": { + "description": "Applications are rules configuring the desired effect per application.\n", + "items": { + "$ref": "#/components/schemas/applicationcontrol.Application" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the rule's severity.\n", + "type": "string" + } + }, + "type": "object" + }, + "bool": { + "type": "boolean" + }, + "byte": { + "format": "byte", + "type": "string" + }, + "ccs.AccountMessage": { + "description": "AccountMessage is a cloud account message", + "properties": { + "accountID": { + "description": "AccountID is the account ID.\n", + "type": "string" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "cloudType": { + "description": "CloudType is the account type.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted is true if this account is marked deleted.\n", + "type": "boolean" + }, + "enrichedFeatures": { + "description": "Features is a list of enabled features and their mode.\n", + "items": { + "$ref": "#/components/schemas/ccs.Feature" + }, + "type": "array" + }, + "features": { + "description": "EnabledFeatures is a list of enabled feature names, kept for bc.\n", + "items": { + "$ref": "#/components/schemas/ccs.FeatureName" + }, + "type": "array" + }, + "lastModified": { + "description": "LastModified is the last time this account was modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "AccountName is the account name.\n", + "type": "string" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + } + }, + "type": "object" + }, + "ccs.ConsoleMessage": { + "description": "ConsoleMessage is a generic console message which contains one type of message, e.g. account, alert rule, etc.", + "properties": { + "accountMessage": { + "$ref": "#/components/schemas/ccs.AccountMessage" + }, + "type": { + "$ref": "#/components/schemas/ccs.MsgType" + } + }, + "type": "object" + }, + "ccs.Feature": { + "properties": { + "mode": { + "$ref": "#/components/schemas/cloudaccount.FeatureMode" + }, + "name": { + "$ref": "#/components/schemas/ccs.FeatureName" + } + }, + "type": "object" + }, + "ccs.FeatureName": { + "description": "FeatureName is the account feature name", + "enum": [ + [ + "agentless", + "serverless", + "cloud-discovery", + "auto-protect" + ] + ], + "type": "string" + }, + "ccs.MsgType": { + "description": "MsgType is the message type, e.g. `account`, `alert-rule`, etc", + "enum": [ + [ + "account" + ] + ], + "type": "string" + }, + "cloudaccount.FeatureMode": { + "enum": [ + [ + "cloud-scan", + "target-scan", + "hub-scan", + "hub" + ] + ], + "type": "string" + }, + "clustereddb.AddMemberRequest": { + "description": "AddMemberRequest represents a request for adding a member to the clustered DB pool", + "properties": { + "address": { + "description": "Address is the member address to add.\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.ReplicaSetMemberStateStr": { + "description": "ReplicaSetMemberStateStr is a string representation of a member's state\nRef. https://docs.mongodb.com/v4.4/reference/replica-states/", + "enum": [ + [ + "STARTUP", + "PRIMARY", + "SECONDARY", + "RECOVERING", + "STARTUP2", + "UNKNOWN", + "ARBITER", + "DOWN", + "ROLLBACK", + "REMOVED" + ] + ], + "type": "string" + }, + "clustereddb.ReplicaSetMemberStatus": { + "description": "ReplicaSetMemberStatus represents replica set member's status\nRef. https://docs.mongodb.com/v4.4/reference/command/replSetGetStatus/#mongodb-data-replSetGetStatus.members", + "properties": { + "name": { + "description": "Name is the member's name (hostname address).\n", + "type": "string" + }, + "stateStr": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStateStr" + } + }, + "type": "object" + }, + "clustereddb.Settings": { + "description": "Settings represents the clustered DB settings", + "properties": { + "loadBalancerAddress": { + "description": "LoadBalancerAddress is the address of the customer's load balancer in clustered DB mode. All clients (including Defenders) are reaching the Console through the load balancer.\n", + "type": "string" + }, + "seedConsoleAddress": { + "description": "SeedConsoleAddress allows editing the address of the seed Console (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.StatusResponse": { + "description": "StatusResponse represents the response to a clustered DB status request", + "properties": { + "date": { + "description": "Date indicates the current time according to the queried Mongo server.\n", + "format": "date-time", + "type": "string" + }, + "loadBalancerAddress": { + "description": "LoadBalancerAddress represents the address of the load balancer.\n", + "type": "string" + }, + "members": { + "description": "Members are the replica set members.\n", + "items": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.AllowAllConnections": { + "description": "AllowAllConnections indicates if connections are allowed to/from any entity of the specified types\ne.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet", + "properties": { + "inbound": { + "description": "Inbound indicates if connections are allowed from any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + }, + "outbound": { + "description": "Outbound indicates if connections are allowed to any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.ContainerAudit": { + "description": "ContainerAudit represents a network firewall audit event", + "properties": { + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstContainerName": { + "description": "DstContainerName is the destination container name.\n", + "type": "string" + }, + "dstDomain": { + "description": "DstDomain is the destination domain that was queried.\n", + "type": "string" + }, + "dstImageName": { + "description": "DstImage is the destination image name.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "dstProfileID": { + "description": "DstProfileID is the destination profile ID.\n", + "type": "string" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the target container.\n", + "type": "object" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcContainerName": { + "description": "SrcContainerName is the source container name.\n", + "type": "string" + }, + "srcImageName": { + "description": "SrcImage is the source image name.\n", + "type": "string" + }, + "srcProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcProfileID": { + "description": "SrcProfileID is the source profile ID.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.EntityID": { + "description": "EntityID represents the ID of each network firewall entity.\n20 bits are used. Max legal value: 2^20-1", + "type": "integer" + }, + "cnnf.HostAudit": { + "description": "HostAudit represents a host network firewall audit event", + "properties": { + "accountID": { + "description": "AccountID is the host account ID.\n", + "type": "string" + }, + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstHostname": { + "description": "DstHostname is the destination hostname.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHostname": { + "description": "SrcHostname is the source hostname.\n", + "type": "string" + }, + "srcSubnet": { + "description": "SrcSubnet is the source subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.NetworkEntities": { + "description": "NetworkEntities represents a list of network firewall entities", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + }, + "cnnf.NetworkEntity": { + "description": "NetworkEntity represents a network firewall entity", + "properties": { + "_id": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "collections": { + "description": "Collections indicate the collection the entity is part of.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "domains": { + "description": "Domains is a list of domains.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the entity name.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets are the CIDR format network.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Subnet" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + } + }, + "type": "object" + }, + "cnnf.NetworkFirewallAttackType": { + "description": "NetworkFirewallAttackType is the network firewall type of attack", + "enum": [ + [ + "unexpectedConnection" + ] + ], + "type": "string" + }, + "cnnf.Policy": { + "description": "Policy holds the data for firewall policies (host and container)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "containerEnabled": { + "description": "ContainerEnabled indicates whether container network firewall feature is enabled.\n", + "type": "boolean" + }, + "containerRules": { + "description": "ContainerRules holds the container firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "hostEnabled": { + "description": "HostEnabled indicates whether host network firewall feature is enabled.\n", + "type": "boolean" + }, + "hostRules": { + "description": "HostRules holds the host firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "networkEntities": { + "$ref": "#/components/schemas/cnnf.NetworkEntities" + }, + "owner": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstance": { + "description": "RadarConnectionInstance is an instance of a connection between two radar endpoints", + "properties": { + "dst": { + "description": "Dst is the dst of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "policyRule": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "port": { + "$ref": "#/components/schemas/common.PortData" + }, + "src": { + "description": "Src is the src of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "time": { + "description": "Time is the time the connection instance was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstances": { + "description": "RadarConnectionInstances holds the recent connections history between 2 entities (hosts, subnet entities, etc)", + "properties": { + "instances": { + "description": "Instances are connection samples.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstance" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.RadarPolicyRule": { + "description": "RadarPolicyRule holds the data of a single policy rule", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "portRanges": { + "description": "PortRanges specify the ranges of ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.Rule": { + "description": "Rule contains the properties common to both host and container network firewall", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dst": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "id": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the entity port range specifications.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "src": { + "$ref": "#/components/schemas/cnnf.EntityID" + } + }, + "type": "object" + }, + "cnnf.RuleEntityType": { + "description": "RuleEntityType is the network firewall rule entity type", + "enum": [ + [ + "container", + "host", + "subnet", + "dns" + ] + ], + "type": "string" + }, + "cnnf.RuleID": { + "description": "RuleID represents the ID of each container network firewall policy rule", + "type": "integer" + }, + "cnnf.Subnet": { + "description": "Subnet is a network firewall subnet", + "properties": { + "cidr": { + "description": "CIDR is the IP range of the defined entity.\n", + "type": "string" + }, + "name": { + "description": "Name is the given name to represent the range.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ManifestFile": { + "description": "ManifestFile holds the data of a specific manifest file (can also be of a dependency manifest file)", + "properties": { + "dependencies": { + "description": "Packages listed in the manifest file.\n", + "items": { + "$ref": "#/components/schemas/coderepos.PkgDependency" + }, + "type": "array" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "path": { + "description": "Path to the file.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "coderepos.PkgDependency": { + "description": "PkgDependency represents a required package", + "properties": { + "devDependency": { + "description": "Indicates if this dependency is used only for the development of the package (true) or not (false).\n", + "type": "boolean" + }, + "lastResolved": { + "description": "Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.\n", + "format": "date-time", + "type": "string" + }, + "licenseSeverity": { + "description": "Maximum severity of the detected licenses according to the compliance policy.\n", + "type": "string" + }, + "licenses": { + "description": "Detected licenses of the dependant package.\n", + "items": { + "$ref": "#/components/schemas/license.SPDXLicense" + }, + "type": "array" + }, + "name": { + "description": "Package name that the dependency refers to.\n", + "type": "string" + }, + "rawRequirement": { + "description": "Line in which the package is declared.\n", + "type": "string" + }, + "unsupported": { + "description": "Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).\n", + "type": "boolean" + }, + "version": { + "description": "Package version, either explicitly specified in a manifest or resolved by the scanner.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "Vulnerabilities in the package.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "coderepos.Repository": { + "description": "Repository is the metadata for a code repository", + "properties": { + "build": { + "description": "CI build.\n", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch in the repository, usually master.\n", + "type": "string" + }, + "digest": { + "description": "Repository content digest. Used to indicate if the content of the repository has changed.\n", + "type": "string" + }, + "fullName": { + "description": "Full name that represents the repository (/).\n", + "type": "string" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "name": { + "description": "Repository name.\n", + "type": "string" + }, + "owner": { + "description": "GitHub username or organization name of the repository's owner.\n", + "type": "string" + }, + "private": { + "description": "Indicates if the repository is private (true) or not (false).\n", + "type": "boolean" + }, + "size": { + "description": "Size of the repository (in KB).\n", + "type": "integer" + }, + "url": { + "description": "URL is the repository address.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ScanResult": { + "description": "ScanResult holds a specific repository data", + "properties": { + "_id": { + "description": "Scan report ID in the database.\n", + "type": "string" + }, + "collections": { + "description": "List of matching code repo collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceRiskScore": { + "description": "Code repository's compliance risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "files": { + "description": "Scan result for each manifest file in the repository.\n", + "items": { + "$ref": "#/components/schemas/coderepos.ManifestFile" + }, + "type": "array" + }, + "pass": { + "description": "Indicates whether the scan passed or failed.\n", + "type": "boolean" + }, + "repository": { + "$ref": "#/components/schemas/coderepos.Repository" + }, + "scanTime": { + "description": "Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + }, + "updateTime": { + "description": "Date/time when this repository was last updated.\n", + "format": "date-time", + "type": "string" + }, + "vulnInfo": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "vulnerabilityRiskScore": { + "description": "Code repository's CVE risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "vulnerableFiles": { + "description": "Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.\n", + "type": "integer" + } + }, + "type": "object" + }, + "collection.Collection": { + "description": "Collection is a collection of resources", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Free-form text.\n", + "type": "string" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the collection was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Collection name. Must be unique.\n", + "type": "string" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "owner": { + "description": "User who created or last modified the collection.\n", + "type": "string" + }, + "prisma": { + "description": "Indicates whether this collection originates from Prisma Cloud.\n", + "type": "boolean" + }, + "system": { + "description": "Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "collection.Usage": { + "description": "Usage represents details of a collection being used", + "properties": { + "name": { + "description": "Name of the consumer (e.g., container runtime, username, etc.).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/collection.UsageType" + } + }, + "type": "object" + }, + "collection.UsageType": { + "description": "UsageType represents a collection usage type", + "enum": [ + [ + "policy", + "settings", + "user", + "group", + "registryScan" + ] + ], + "type": "string" + }, + "common.CloudMetadata": { + "description": "CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)", + "properties": { + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "awsExecutionEnv": { + "description": "AWS execution environment (e.g. EC2/Fargate).\n", + "type": "string" + }, + "image": { + "description": "The name of the image the cloud managed host or container is based on.\n", + "type": "string" + }, + "labels": { + "description": "Cloud provider metadata labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "name": { + "description": "Resource name.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Resource's region.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "resourceURL": { + "description": "Server-defined URL for the resource.\n", + "type": "string" + }, + "type": { + "description": "Instance type.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique vm ID.\n", + "type": "string" + }, + "vmImageID": { + "description": "VMImageID holds the VM instance's image ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.CloudProvider": { + "description": "CloudProvider specifies the cloud provider name", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "others" + ] + ], + "type": "string" + }, + "common.ClusterType": { + "description": "ClusterType is the cluster type", + "enum": [ + [ + "AKS", + "ECS", + "EKS", + "GKE", + "Kubernetes" + ] + ], + "type": "string" + }, + "common.Color": { + "description": "Color is a hexadecimal representation of color code value", + "type": "string" + }, + "common.ContainerRuntime": { + "description": "ContainerRuntime represents the supported container runtime types", + "enum": [ + [ + "docker", + "containerd", + "crio" + ] + ], + "type": "string" + }, + "common.DaemonSetOptions": { + "description": "DaemonSetOptions are options for creating the daemonset install script for defenders", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.DefenderProxyOpt": { + "description": "DefenderProxyOpt holds options for defender proxy configuration\nIt embeds ProxySettings but override it's Password field with a simple string\nThis is needed in order to avoid Secret's MarshalJSON method, which depends on existence of master key file", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "description": ".\n", + "type": "string" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Effect": { + "description": "Effect is the effect that is used in the CNNF rule", + "enum": [ + [ + "allow", + "alert", + "prevent", + "monitor", + "" + ] + ], + "type": "string" + }, + "common.ExternalLabel": { + "description": "ExternalLabel holds an external label with a source and timestamp", + "properties": { + "key": { + "description": "Label key.\n", + "type": "string" + }, + "sourceName": { + "description": "Source name (e.g., for a namespace, the source name can be 'twistlock').\n", + "type": "string" + }, + "sourceType": { + "$ref": "#/components/schemas/common.ExternalLabelSourceType" + }, + "timestamp": { + "description": "Time when the label was fetched.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.ExternalLabelSourceType": { + "description": "ExternalLabelSourceType indicates the source of the labels", + "enum": [ + [ + "namespace", + "deployment", + "aws", + "azure", + "gcp", + "oci" + ] + ], + "type": "string" + }, + "common.HostForensicSettings": { + "description": "HostForensicSettings indicates how to perform host forensic", + "properties": { + "activitiesDisabled": { + "description": "ActivitiesDisabled indicates if the host activity collection is enabled/disabled.\n", + "type": "boolean" + }, + "dockerEnabled": { + "description": "DockerEnabled indicates whether docker commands are collected.\n", + "type": "boolean" + }, + "readonlyDockerEnabled": { + "description": "ReadonlyDockerEnabled indicates whether docker readonly commands are collected.\n", + "type": "boolean" + }, + "serviceActivitiesEnabled": { + "description": "ServiceActivitiesEnabled indicates whether activities from services are collected.\n", + "type": "boolean" + }, + "sshdEnabled": { + "description": "SshdEnabled indicates whether ssh commands are collected.\n", + "type": "boolean" + }, + "sudoEnabled": { + "description": "SudoEnabled indicates whether sudo commands are collected.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.ImageType": { + "description": "ImageType is the type of a VM image.\nFor example, in the case of Azure this is one of marketplace/managed/gallery.", + "type": "string" + }, + "common.NetworkDeviceIP": { + "description": "NetworkDeviceIP represents a network device name and address pair", + "properties": { + "ip": { + "description": "Network device IPv4 address.\n", + "type": "string" + }, + "name": { + "description": "Network device name.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.OSDistroInfo": { + "description": "OSDistroInfo represents information regarding the OS distribution", + "properties": { + "distro": { + "description": "Distro is the OS distro name (e.g. ubuntu).\n", + "type": "string" + }, + "distroRelease": { + "description": "DistroRelease is the OS distro release (e.g. willy).\n", + "type": "string" + }, + "fullName": { + "description": "FullName is the full name of the distro (e.g. Ubuntu 19.10).\n", + "type": "string" + }, + "version": { + "description": "Version is the OS release numeric version (e.g. 19.10).\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PolicyBlockMsg": { + "description": "PolicyBlockMsg represent the block message in a Policy", + "type": "string" + }, + "common.PolicyEffect": { + "description": "PolicyEffect state the effect of evaluating the given policy", + "enum": [ + [ + "allow", + "deny", + "block", + "alert" + ] + ], + "type": "string" + }, + "common.PolicyType": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + }, + "common.PortData": { + "description": "PortData is a port of connections with his metadata", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "protocol": { + "description": "Protocol is the protocol used in the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PortRange": { + "description": "PortRange represents a port range", + "properties": { + "deny": { + "description": "Deny indicates whether the connection is denied.\n", + "type": "boolean" + }, + "end": { + "description": ".\n", + "type": "integer" + }, + "start": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "common.ProfileHash": { + "description": "ProfileHash represents the profile hash\nIt is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types", + "format": "int64", + "type": "integer" + }, + "common.ProfilePort": { + "description": "ProfilePort represents a networking profile port", + "properties": { + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "time": { + "description": "Time is the learning timestamp of this port.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "common.ProfilePortData": { + "description": "ProfilePortData represents a runtime profile ports data", + "properties": { + "all": { + "description": "All indicates that this port data represents any arbitrary ports.\n", + "type": "boolean" + }, + "ports": { + "description": "Ports is the list of profile runtime ports.\n", + "items": { + "$ref": "#/components/schemas/common.ProfilePort" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.ProxySettings": { + "description": "ProxySettings are the http proxy settings", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.RuntimeResource": { + "description": "RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image)\nEmpty resource or wildcard (*) represents all resources of a given type", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.Secret": { + "description": "Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database", + "properties": { + "encrypted": { + "description": "Specifies an encrypted value of the secret.\n", + "type": "string" + }, + "plain": { + "description": "Specifies the plain text value of the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Toleration": { + "description": "Toleration holds options for pod toleration\nref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/\ncode ref: k8s.io/api/core/v1/types.go", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional.\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional.\n", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional.\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional.\n", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.AzureMIType": { + "enum": [ + [ + "user-assigned", + "system-assigned" + ] + ], + "type": "string" + }, + "cred.AzureSPInfo": { + "description": "AzureSPInfo contains the Azure credentials needed for certificate based authentications", + "properties": { + "clientId": { + "description": "ClientID is the client identifier.\n", + "type": "string" + }, + "miType": { + "$ref": "#/components/schemas/cred.AzureMIType" + }, + "subscriptionId": { + "description": "SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.\n", + "type": "string" + }, + "tenantId": { + "description": "TenantID is the ID of the AAD directory in which the application was created.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.Credential": { + "description": "Credential specifies the authentication data of an external provider", + "properties": { + "_id": { + "description": "Specifies the unique ID for credential.\n", + "type": "string" + }, + "accountGUID": { + "description": "Specifies the unique ID for an IBM Cloud account.\n", + "type": "string" + }, + "accountID": { + "description": "Specifies the account identifier. Example: a username, access key, account GUID, and so on.\n", + "type": "string" + }, + "accountName": { + "description": "Specifies the name of the cloud account.\n", + "type": "string" + }, + "apiToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "azureSPInfo": { + "$ref": "#/components/schemas/cred.AzureSPInfo" + }, + "caCert": { + "description": "Specifies the CA certificate for a certificate-based authentication.\n", + "type": "string" + }, + "cloudProviderAccountID": { + "description": "Specifies the cloud provider account ID.\n", + "type": "string" + }, + "created": { + "description": "Specifies the time when the credential was created (or, when the account ID was changed for AWS).\n", + "format": "date-time", + "type": "string" + }, + "description": { + "description": "Specifies the description for a credential.\n", + "type": "string" + }, + "external": { + "description": "Indicates whether the credential was onboarded from the Prisma platform.\n", + "type": "boolean" + }, + "global": { + "description": "Indicates whether the credential scope is global.\nAvailable values are:\ntrue: Global\nfalse: Not Global\nNote: For GCP, the credential scope is the organization.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Specifies the time when the credential was last modified.\n", + "format": "date-time", + "type": "string" + }, + "ociCred": { + "$ref": "#/components/schemas/cred.OCICred" + }, + "owner": { + "description": "Specifies the user who created or modified the credential.\n", + "type": "string" + }, + "prismaLastModified": { + "description": "Specifies the time when the account was last modified by Prisma Cloud Compute.\n", + "format": "int64", + "type": "integer" + }, + "roleArn": { + "description": "Specifies the Amazon Resource Name (ARN) of the role to be assumed.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipVerify": { + "description": "Indicates whether to skip the certificate verification in TLS communication.\n", + "type": "boolean" + }, + "stsEndpoints": { + "description": "Specifies a list of specific endpoints for use in STS sessions in various regions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "tokens": { + "$ref": "#/components/schemas/cred.TemporaryToken" + }, + "type": { + "$ref": "#/components/schemas/cred.Type" + }, + "url": { + "description": "Specifies the base server URL.\n", + "type": "string" + }, + "useAWSRole": { + "description": "Indicates whether to authenticate using the IAM Role attached to the instance.\nAvailable values are:\ntrue: Authenticate with the attached credentials\nfalse: Don\u2019t authenticate with the attached credentials.\n", + "type": "boolean" + }, + "useSTSRegionalEndpoint": { + "description": "Indicates whether to use the regional STS endpoint for an STS session.\nAvailable values are:\ntrue: Use the regional STS\nfalse: Don\u2019t use the regional STS.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "cred.OCICred": { + "description": "OCICred are additional parameters required for OCI credentials", + "properties": { + "fingerprint": { + "description": "Fingerprint is the public key signature.\n", + "type": "string" + }, + "tenancyId": { + "description": "TenancyID is the OCID of the tenancy.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.TemporaryToken": { + "description": "TemporaryToken is a temporary session token for cloud provider APIs\nAWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html\nGCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\nAzure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on", + "properties": { + "awsAccessKeyId": { + "description": "Specifies a temporary access key.\n", + "type": "string" + }, + "awsSecretAccessKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "duration": { + "description": "Specifies a duration for the token.\n", + "format": "int64", + "type": "integer" + }, + "expirationTime": { + "description": "Specifies an expiration time for the token.\n", + "format": "date-time", + "type": "string" + }, + "token": { + "$ref": "#/components/schemas/common.Secret" + } + }, + "type": "object" + }, + "cred.Type": { + "description": "Type specifies the credential type", + "enum": [ + [ + "aws", + "azure", + "gcp", + "ibmCloud", + "oci", + "apiToken", + "basic", + "dtr", + "kubeconfig", + "certificate", + "gitlabToken" + ] + ], + "type": "string" + }, + "cred.UsageType": { + "description": "UsageType represents the credential usage type", + "enum": [ + [ + "Alert settings", + "Alert profile", + "Registry Scan", + "Serverless Scan", + "Cloud Scan", + "Secret Store", + "Serverless Auto-Deploy", + "Host Auto-deploy", + "VM Scan", + "Agentless Scan Hub", + "Custom Intelligence Endpoint", + "VMware Tanzu blobstore Scan", + "Kubernetes Audit settings", + "Agentless app firewall" + ] + ], + "type": "string" + }, + "customrules.Action": { + "description": "Action is the action to perform if the custom rule applies", + "enum": [ + [ + "audit", + "incident" + ] + ], + "type": "string" + }, + "customrules.Effect": { + "description": "Effect is the effect that will be used for custom rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "allow", + "ban", + "disable" + ] + ], + "type": "string" + }, + "customrules.Ref": { + "description": "Ref represents a custom rule that is referenced by a policy rule", + "properties": { + "_id": { + "description": "Custom rule ID.\n", + "type": "integer" + }, + "action": { + "$ref": "#/components/schemas/customrules.Action" + }, + "effect": { + "$ref": "#/components/schemas/customrules.Effect" + } + }, + "type": "object" + }, + "customrules.Rule": { + "description": "Rule represents a custom rule", + "properties": { + "_id": { + "description": "Rule ID. Must be unique.\n", + "type": "integer" + }, + "attackTechniques": { + "description": "List of attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description of the rule.\n", + "type": "string" + }, + "message": { + "description": "Macro that is printed as part of the audit/incident message.\n", + "type": "string" + }, + "minVersion": { + "description": "Minimum version required to support the rule.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was created or last modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "owner": { + "description": "User who created or modified the rule.\n", + "type": "string" + }, + "script": { + "description": "Custom script.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/customrules.Type" + }, + "vulnIDs": { + "$ref": "#/components/schemas/customrules.VulnIDs" + } + }, + "type": "object" + }, + "customrules.Type": { + "description": "Type is the type of the custom rule", + "enum": [ + [ + "processes", + "filesystem", + "network-outgoing", + "kubernetes-audit", + "waas-request", + "waas-response" + ] + ], + "type": "string" + }, + "customrules.VulnIDs": { + "description": "VulnIDs is the list of vulnerability IDs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defender.Category": { + "description": "Category represents the defender target category", + "enum": [ + [ + "container", + "host", + "serverless", + "appEmbedded", + "hostAgentless", + "containerAgentless" + ] + ], + "type": "string" + }, + "defender.Defender": { + "description": "Defender is an update about an agent starting", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "certificateExpiration": { + "description": "Client certificate expiration time.\n", + "format": "date-time", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster name (fallback is internal IP).\n", + "type": "string" + }, + "clusterID": { + "description": "Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections to which this Defender belongs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "compatibleVersion": { + "description": "Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).\n", + "type": "boolean" + }, + "connected": { + "description": "Indicates whether Defender is connected (true) or not (false).\n", + "type": "boolean" + }, + "features": { + "$ref": "#/components/schemas/defender.Features" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "fqdn": { + "description": "Full domain name of the host. Used in audit alerts to identify specific hosts.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender is deployed.\n", + "type": "string" + }, + "isARM64": { + "description": "IsARM64 indicates whether the defender runs on aarch64 architecture.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Datetime when the Defender's connectivity status last changed.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port that Defender uses to connect to Console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "remoteLoggingSupported": { + "description": "Indicates if Defender logs can be retrieved remotely (true) or not (false).\n", + "type": "boolean" + }, + "remoteMgmtSupported": { + "description": "Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).\n", + "type": "boolean" + }, + "status": { + "$ref": "#/components/schemas/defender.Status" + }, + "systemInfo": { + "$ref": "#/components/schemas/defender.SystemInfo" + }, + "tasBlobstoreScanner": { + "description": "Indicates TAS blobstore scanning only Defender.\n", + "type": "boolean" + }, + "tasClusterID": { + "description": "TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.\n", + "type": "string" + }, + "tasFoundation": { + "description": "TASFoundation is the foundation the Defender is running on.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/defender.Type" + }, + "usingOldCA": { + "description": "UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.\n", + "type": "boolean" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vpcObserver": { + "description": "VPCObserver indicates whether the defender runs in a VPC observer.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.FeatureStatus": { + "description": "FeatureStatus holds data about defender features", + "properties": { + "enabled": { + "description": "Indicates if the feature is enabled (true) or not (false).\n", + "type": "boolean" + }, + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender runs.\n", + "type": "string" + } + }, + "type": "object" + }, + "defender.Features": { + "description": "Features is the defender features that can be updated", + "properties": { + "clusterMonitoring": { + "description": "Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).\n", + "type": "boolean" + }, + "proxyListenerType": { + "$ref": "#/components/schemas/defender.ProxyListenerType" + } + }, + "type": "object" + }, + "defender.ProxyListenerType": { + "description": "ProxyListenerType is the proxy listener type of defenders", + "type": "string" + }, + "defender.ScanStatus": { + "description": "ScanStatus represents the status of current scan", + "properties": { + "completed": { + "description": "Indicates if scanning has successfully completed (true) or not (false).\n", + "type": "boolean" + }, + "errors": { + "description": "List of errors that occurred during the last scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "scanTime": { + "description": "Datetime of the last completed scan.\n", + "format": "date-time", + "type": "string" + }, + "scanning": { + "description": "Indicates whether scanning is in progress (true) or not (false).\n", + "type": "boolean" + }, + "selective": { + "description": "Indicates if the scan is for a specific resource (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.Settings": { + "description": "Settings is the Defender settings", + "properties": { + "admissionControlEnabled": { + "description": "Indicates if the admission controller is enabled (true) or not (false).\n", + "type": "boolean" + }, + "admissionControlWebhookSuffix": { + "description": "Relative path to the admission control webhook HTTP endpoint.\n", + "type": "string" + }, + "appEmbeddedFileSystemTracingEnabled": { + "description": "AppEmbeddedFileSystemTracingEnabled is the default deployment state for app embedded Defenders file system tracing.\n", + "type": "boolean" + }, + "automaticUpgrade": { + "description": "Deprecated: indicates if defenders should be automatically upgraded to the latest version.\n", + "type": "boolean" + }, + "disconnectPeriodDays": { + "description": "Number of consecutive days a Defender must remain disconnected for it to be considered decommissioned.\n", + "type": "integer" + }, + "hostCustomComplianceEnabled": { + "description": "Indicates if Defenders support host custom compliance checks (true) or not (false).\n", + "type": "boolean" + }, + "listeningPort": { + "description": "Port on which Defenders listen.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Status": { + "description": "Status is the generic status state per defender or global", + "properties": { + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "defender.SystemInfo": { + "description": "SystemInfo is the OS information of the host", + "properties": { + "cpuCount": { + "description": "CPU count on the host where Defender runs.\n", + "type": "integer" + }, + "freeDiskSpaceGB": { + "description": "Free disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + }, + "kernelVersion": { + "description": "Kernel version on the host where Defender runs.\n", + "type": "string" + }, + "memoryGB": { + "description": "Total memory (in GB) on the host where Defender runs.\n", + "format": "double", + "type": "number" + }, + "totalDiskSpaceGB": { + "description": "Total disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Type": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + }, + "defender.UpgradeStatus": { + "description": "UpgradeStatus represents the status of current twistlock defender upgrade", + "properties": { + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime of the last upgrade.\n", + "format": "date-time", + "type": "string" + }, + "progress": { + "description": "Upgrade progress.\n", + "type": "integer" + } + }, + "type": "object" + }, + "deployment.CommandError": { + "description": "CommandError is the command error on specific instance", + "properties": { + "error": { + "description": "Error is the error in case the command failed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the instance hostname.\n", + "type": "string" + }, + "instanceID": { + "description": "InstanceID is the instance id.\n", + "type": "string" + }, + "instanceName": { + "description": "InstanceName is the instance name.\n", + "type": "string" + }, + "projectID": { + "description": "ProjectID is instance GCP project id.\n", + "type": "string" + }, + "region": { + "description": "Region is the instance region for AWS or zone for GCP.\n", + "type": "string" + }, + "state": { + "description": "State is the error state in which the deployment failed (e.g. timed out/failed due to some other reason).\n", + "type": "string" + }, + "vmImage": { + "description": "VMImage is the instance image.\n", + "type": "string" + } + }, + "type": "object" + }, + "deployment.DaemonSet": { + "description": "DaemonSet holds information about deployed defender DaemonSet\nTODO #12377 - Implement Resource interface for collections filtering, after retrieving correct value to Cluster field", + "properties": { + "address": { + "description": "Address is the kubernetes cluster address.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the kubernetes cluster name.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "defendersVersion": { + "description": "DefendersVersion is the version of the defenders deployed.\n", + "type": "string" + }, + "desiredDefenders": { + "description": "DesiredDefenders is the number of desired defenders.\n", + "type": "integer" + }, + "error": { + "description": "Error indicates any related errors found.\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates if the cluster has at least one running defender.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "runningDefenders": { + "description": "RunningDefenders is the number of defenders running.\n", + "type": "integer" + }, + "upgradable": { + "description": "Upgradable indicates if the cluster is upgradable.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "float32": { + "format": "float", + "type": "number" + }, + "float64": { + "format": "double", + "type": "number" + }, + "forensic.ContainerEvent": { + "description": "ContainerEvent holds forensic event information (in flat structure)", + "properties": { + "allPorts": { + "description": "AllPorts indicates all listening ports are allowed.\n", + "type": "boolean" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "containerId": { + "description": "ContainerID is the event container id.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "dstIP": { + "description": "DstIP is the destination IP of the connection.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the destination port.\n", + "type": "integer" + }, + "dstProfileID": { + "description": "DstProfileID is the profile ID of the connection destination.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "listeningStartTime is the port listening start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "networkCollectionType": { + "$ref": "#/components/schemas/forensic.NetworkCollection" + }, + "outbound": { + "description": "Outbound indicates if the port is outbound.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "srcIP": { + "description": "SrcIP is the source IP of the connection.\n", + "type": "string" + }, + "srcProfileID": { + "description": "SrcProfileID is the profile ID of the connection source.\n", + "type": "string" + }, + "static": { + "description": "Static indicates the event was added to the profile without behavioral indication.\n", + "type": "boolean" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.ContainerEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.ContainerEventType": { + "description": "ContainerEventType represents the kind of event", + "enum": [ + [ + "Process spawned", + "Binary created", + "Container started", + "Listening port", + "Connection established", + "Runtime audit", + "Runtime profile process", + "Runtime profile filesystem", + "Runtime profile networking", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.HostEvent": { + "description": "HostEvent holds host forensic event information", + "properties": { + "app": { + "description": "App is the application associated with the event.\n", + "type": "string" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "country": { + "description": "Country is the country associated with the event.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates if the event is interactive.\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the IP address associated with the event.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "ListeningStartTime is the listening port start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppath": { + "description": "Path is the event parent path.\n", + "type": "string" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.HostEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.HostEventType": { + "description": "HostEventType represents the kind of host event", + "enum": [ + [ + "Process spawned", + "Listening port", + "Binary created", + "Runtime audit", + "SSH event", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.NetworkCollection": { + "description": "NetworkCollection describe the different types of collection of network events", + "type": "string" + }, + "identity.LdapSettings": { + "description": "LdapSettings are the ldap connectivity settings", + "properties": { + "accountPassword": { + "$ref": "#/components/schemas/common.Secret" + }, + "accountUpn": { + "description": "AccountUpn is the user principle name used to connect to the active directory server.\n", + "type": "string" + }, + "caCert": { + "description": "CaCert is cert in PEM format (optional, if not specified, skip_verify flag will be used).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether LDAP is enabled.\n", + "type": "boolean" + }, + "groupSearchBase": { + "description": "GroupSearchBase is the LDAP search pattern for groups.\n", + "type": "string" + }, + "searchBase": { + "description": "SearchBase is the LDAP search pattern.\n", + "type": "string" + }, + "type": { + "description": "Type specifies the LDAP server type (AD or OpenLDAP).\n", + "type": "string" + }, + "url": { + "description": "URL is the ldap server url.\n", + "type": "string" + }, + "userSearchBase": { + "description": "UserSearchBase is the LDAP search pattern for users.\n", + "type": "string" + }, + "userSearchIdentifier": { + "description": "UserSearchIdentifier is the user identifier to use for querying open ldap (e.g., cn -> cn=user).\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.ProviderName": { + "description": "ProviderName is the identity provider name", + "enum": [ + [ + "github", + "openshift" + ] + ], + "type": "string" + }, + "identity.ProviderSettings": { + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings", + "properties": { + "authURL": { + "description": "AuthURL specifies auth URL.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate.\n", + "type": "string" + }, + "clientID": { + "description": "ClientID is the client identifier issued to the client during the registration process.\n", + "type": "string" + }, + "clientSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "enabled": { + "description": "Enabled indicates whether Auth settings are enabled.\n", + "type": "boolean" + }, + "groupClaim": { + "description": "GroupClaim is the name of the group claim property.\n", + "type": "string" + }, + "groupScope": { + "description": "GroupScope specifies name of group scope.\n", + "type": "string" + }, + "openIDIssuesURL": { + "description": "OpenIDIssuesURL is the base URL for OpenID connect providers.\n", + "type": "string" + }, + "openshiftBaseURL": { + "description": "OpenshiftBaseURL is openshift base URL.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "providerName": { + "$ref": "#/components/schemas/identity.ProviderName" + }, + "tokenURL": { + "description": "TokenURL specifies token URL.\n", + "type": "string" + }, + "userClaim": { + "description": "UserClaim is the name of the user claim property.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.RedirectURLResponse": { + "description": "RedirectURLResponse is the response for identity redirect endpoint", + "properties": { + "enabled": { + "description": "Enabled identify if auth provider is enabled.\n", + "type": "boolean" + }, + "url": { + "description": "URL is the redirect URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlSettings": { + "description": "SamlSettings are the saml connectivity settings", + "properties": { + "appId": { + "description": "AppID is the Azure application ID.\n", + "type": "string" + }, + "appSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "audience": { + "description": "Audience specifies the SAML audience used in the verification of the SAML response.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate in PEM format.\n", + "type": "string" + }, + "consoleURL": { + "description": "ConsoleURL is the external Console URL that is used by the IDP for routing the browser after login.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether saml settings are enabled.\n", + "type": "boolean" + }, + "groupAttribute": { + "description": "GroupAttribute is the name of the group attribute.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is idp issuer id.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "skipAuthnContext": { + "description": "SkipAuthnContext indicates whether request authentication contexts should be skipped.\n", + "type": "boolean" + }, + "tenantId": { + "description": "TenantID is the Azure Tenant ID.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/identity.SamlType" + }, + "url": { + "description": "URL is idp sso url.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlType": { + "description": "SamlType represents the type of a SAML configured settings", + "enum": [ + [ + "okta", + "gsuite", + "ping", + "shibboleth", + "azure", + "adfs" + ] + ], + "type": "string" + }, + "identity.Settings": { + "description": "Settings hold the identity settings for supported providers", + "properties": { + "ldap": { + "$ref": "#/components/schemas/identity.LdapSettings" + }, + "oauth": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "openid": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "saml": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + }, + "type": "object" + }, + "int": { + "type": "integer" + }, + "int16": { + "type": "integer" + }, + "int64": { + "format": "int64", + "type": "integer" + }, + "intelligence.IntelligenceSettings": { + "description": "IntelligenceSettings are the intelligence service settings", + "properties": { + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicy": { + "description": "AuthorizationPolicy is a compact version of Istio AuthorizationPolicy resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#AuthorizationPolicy", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "name": { + "description": "Name is the authorization policy name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the authorization policy.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the access rules this authorization policy defines.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyRule" + }, + "type": "array" + }, + "targetServices": { + "description": "TargetServices is the list of services the authorization policy applies on.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyService" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyDestination": { + "description": "AuthorizationPolicyDestination is a compact version of Istio Operation resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Operation", + "properties": { + "methods": { + "description": "Methods are the destination endpoint HTTP methods, such as: \"GET\", \"POST\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "paths": { + "description": "Paths are the destination HTTP paths.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination endpoint ports.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyRule": { + "description": "AuthorizationPolicyRule is a compact version of Istio Rule resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Rule", + "properties": { + "destinations": { + "description": "Destinations are the endpoint definitions the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyDestination" + }, + "type": "array" + }, + "sources": { + "description": "Sources are the metadatas of the services the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicySource" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyService": { + "description": "AuthorizationPolicyService represents a service an authorization policy applies on\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "name": { + "description": "Name is the service name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the service namespace.\n", + "type": "string" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicySource": { + "description": "AuthorizationPolicySource is a compact version of Istio Source resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "namespaces": { + "description": "Namespaces are the source services namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "principals": { + "description": "Principals are the source services principals.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kubeaudit.Audit": { + "description": "Audit represents a Kubernetes audit - this is the data that is stored for matched audits", + "properties": { + "accountID": { + "description": "AccountID is the account ID the Kubernetes audit belongs to.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "authorizationInfo": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "AuthorizationInfo holds the original event authorization info.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster the Kubernetes audit belongs to.\n", + "type": "string" + }, + "collections": { + "description": "Collections that apply to the Kubernetes audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "eventBlob": { + "description": "EventBlob is the original event that caused this audit.\n", + "type": "string" + }, + "message": { + "description": "Message is the user defined message which appears on audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "requestURI": { + "description": "RequestURI is the request URI as sent by the client to a server.\n", + "type": "string" + }, + "resources": { + "description": "Resource represents the resource that is impacted by this event.\n", + "type": "string" + }, + "sourceIPs": { + "description": "Source IPs, from where the request originated and intermediate proxies (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "time": { + "description": "Time is the time at which the request was generated.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "$ref": "#/components/schemas/kubeaudit.EventUserInfo" + }, + "verb": { + "description": "Verb is the kubernetes verb associated with the request.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSettings": { + "description": "AuditSettings represents the kubernetes audits settings", + "properties": { + "lastPollingTime": { + "description": "LastPollingTime holds the last time the logs were polled.\n", + "format": "date-time", + "type": "string" + }, + "specifications": { + "description": "Specifications are the K8s audits fetching CSP specifications.\n", + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "WebhookSuffix is the relative path to the webhook http endpoint, used for auditing K8S events sent to the console from a cluster.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSpecification": { + "description": "AuditSpecification is the specification for fetching audits from a CSP", + "properties": { + "awsRegion": { + "description": "AWSRegion is the cloud region to fetch from.\n", + "type": "string" + }, + "azureResourceGroups": { + "description": "AzureResourceGroups holds the resource groups to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "azureWorkspaceName": { + "description": "AzureWorkspaceName holds the workspace name to fetch from.\n", + "type": "string" + }, + "clusters": { + "description": "Clusters are the clusters to fetch.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialID": { + "description": "CredentialID is the credential to use for CSP authentication for this specification.\n", + "type": "string" + }, + "deploymentType": { + "$ref": "#/components/schemas/kubeaudit.DeploymentType" + }, + "filter": { + "description": "Filter is a provider specific query using the provider's query syntax for additional filtering.\n", + "type": "string" + }, + "gcpProjectIDs": { + "description": "GCPProjectIDs holds the IDs of projects to fetch from.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the specification unique identification as provided by the user.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.DeploymentType": { + "description": "DeploymentType specifies the type of Kubernetes deployment", + "enum": [ + [ + "gke", + "aks", + "eks" + ] + ], + "type": "string" + }, + "kubeaudit.EventUserInfo": { + "description": "EventUserInfo holds the information about the user that authenticated to Kubernentes", + "properties": { + "groups": { + "description": "The names of groups this user is a part of (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uid": { + "description": "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs (optional).\n", + "type": "string" + }, + "username": { + "description": "The name that uniquely identifies this user among all active users (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.Policy": { + "description": "Policy represents a Kubernetes audit policy enforced on Kubernetes audits", + "properties": { + "_id": { + "description": "ID is the Kubernetes audit policy ID.\n", + "type": "string" + }, + "customRulesIDs": { + "description": "CustomRulesIDs is a list of the custom runtime rules ids that apply to this policy.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled specifies if Kubernetes audits are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "license.SPDXLicense": { + "description": "SPDXLicense represents a SPDX license ID", + "enum": [ + [ + "0BSD", + "AAL", + "ADSL", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AGPL-1.0", + "AGPL-1.0-only", + "AGPL-1.0-or-later", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "AMDPLPA", + "AML", + "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "APAFML", + "APL-1.0", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Abstyles", + "Adobe-2006", + "Adobe-Glyph", + "Afmparse", + "Aladdin", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "BSD-1-Clause", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-UC", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BlueOak-1.0.0", + "Borceux", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-US", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDLA-Permissive-1.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPAL-1.0", + "CPL-1.0", + "CPOL-1.02", + "CUA-OPL-1.0", + "Caldera", + "ClArtistic", + "Condor-1.1", + "Crossword", + "CrystalStacker", + "Cube", + "D-FSL-1.0", + "DOC", + "DSDP", + "Dotseqn", + "ECL-1.0", + "ECL-2.0", + "EFL-1.0", + "EFL-2.0", + "EPICS", + "EPL-1.0", + "EPL-2.0", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Entessa", + "ErlPL-1.1", + "Eurosym", + "FSFAP", + "FSFUL", + "FSFULLR", + "FTL", + "Fair", + "Frameworx-1.0", + "FreeImage", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "GL2PS", + "GLWTPL", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-GCC-exception", + "GPL-3.0-with-autoconf-exception", + "Giftware", + "Glide", + "Glulxe", + "HPND", + "HPND-sell-variant", + "HTMLTIDY", + "HaskellReport", + "Hippocratic-2.1", + "IBM-pibs", + "ICU", + "IJG", + "IPA", + "IPL-1.0", + "ISC", + "ImageMagick", + "Imlib2", + "Info-ZIP", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "JPNIC", + "JSON", + "JasPer-2.0", + "LAL-1.2", + "LAL-1.3", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-3.0", + "LGPL-3.0+", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "Leptonica", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Libpng", + "Linux-OpenIB", + "MIT", + "MIT-0", + "MIT-CMU", + "MIT-advertising", + "MIT-enna", + "MIT-feh", + "MIT-open-group", + "MITNFA", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-PL", + "MS-RL", + "MTLL", + "MakeIndex", + "MirOS", + "Motosoto", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NASA-1.3", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "NGPL", + "NIST-PD", + "NIST-PD-fallback", + "NLOD-1.0", + "NLPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Naumen", + "Net-SNMP", + "NetCDF", + "Newsletr", + "Nokia", + "Noweb", + "Nunit", + "O-UDA-1.0", + "OCCT-PL", + "OCLC-2.0", + "ODC-By-1.0", + "ODbL-1.0", + "OFL-1.0", + "OFL-1.0-RFN", + "OFL-1.0-no-RFN", + "OFL-1.1", + "OFL-1.1-RFN", + "OFL-1.1-no-RFN", + "OGC-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "PSF-2.0", + "Parity-6.0.0", + "Parity-7.0.0", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "Python-2.0", + "QPL-1.0", + "Qhull", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", + "RSA-MD", + "RSCPL", + "Rdisc", + "Ruby", + "SAX-PD", + "SCEA", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SISSL", + "SISSL-1.2", + "SMLNJ", + "SMPPL", + "SNIA", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "SWL", + "Saxpath", + "Sendmail", + "Sendmail-8.23", + "SimPL-2.0", + "Sleepycat", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "StandardML-NJ", + "SugarCRM-1.1.3", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TMate", + "TORQUE-1.1", + "TOSL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCL-1.0", + "UPL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "Unlicense", + "VOSTROM", + "VSL-1.0", + "Vim", + "W3C", + "W3C-19980720", + "W3C-20150513", + "WTFPL", + "Watcom-1.0", + "Wsuipa", + "X11", + "XFree86-1.1", + "XSkat", + "Xerox", + "Xnet", + "YPL-1.0", + "YPL-1.1", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "blessing", + "bzip2-1.0.5", + "bzip2-1.0.6", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "curl", + "diffmark", + "dvipdfm", + "eCos-2.0", + "eGenix", + "etalab-2.0", + "gSOAP-1.3b", + "gnuplot", + "iMatix", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "mpich2", + "psfrag", + "psutils", + "wxWindows", + "xinetd", + "xpp", + "zlib-acknowledgement" + ] + ], + "type": "string" + }, + "log.LogEntry": { + "description": "LogEntry represents a single log line", + "properties": { + "level": { + "description": "Level is the log level.\n", + "type": "string" + }, + "log": { + "description": "Log is the log text.\n", + "type": "string" + }, + "time": { + "description": "Time is the log time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "mitre.Technique": { + "description": "Technique is the MITRE framework attack technique", + "enum": [ + [ + "exploitationForPrivilegeEscalation", + "exploitPublicFacingApplication", + "applicationExploitRCE", + "networkServiceScanning", + "endpointDenialOfService", + "exfiltrationGeneral", + "systemNetworkConfigurationDiscovery", + "unsecuredCredentials", + "credentialDumping", + "systemInformationDiscovery", + "systemNetworkConnectionDiscovery", + "systemUserDiscovery", + "accountDiscovery", + "cloudInstanceMetadataAPI", + "accessKubeletMainAPI", + "queryKubeletReadonlyAPI", + "accessKubernetesAPIServer", + "softwareDeploymentTools", + "ingressToolTransfer", + "lateralToolTransfer", + "commandAndControlGeneral", + "resourceHijacking", + "manInTheMiddle", + "nativeBinaryExecution", + "foreignBinaryExecution", + "createAccount", + "accountManipulation", + "abuseElevationControlMechanisms", + "supplyChainCompromise", + "obfuscatedFiles", + "hijackExecutionFlow", + "impairDefences", + "scheduledTaskJob", + "exploitationOfRemoteServices", + "eventTriggeredExecution", + "accountAccessRemoval", + "privilegedContainer", + "writableVolumes", + "execIntoContainer", + "softwareDiscovery", + "createContainer", + "kubernetesSecrets", + "fileAndDirectoryDiscovery", + "masquerading", + "webShell", + "compileAfterDelivery" + ] + ], + "type": "string" + }, + "packages.Type": { + "description": "Type describes the package type", + "enum": [ + [ + "nodejs", + "gem", + "python", + "jar", + "package", + "windows", + "binary", + "nuget", + "go", + "app", + "unknown" + ] + ], + "type": "string" + }, + "prisma.AlertIntegration": { + "description": "AlertIntegration has the relevant fields for Prisma Cloud defined integrations\nhttps://prisma.pan.dev/api/cloud/cspm/integrations#operation/get-all-integrations", + "properties": { + "id": { + "description": "ID of the integration in Prisma Cloud.\n", + "type": "string" + }, + "integrationConfig": { + "$ref": "#/components/schemas/prisma.IntegrationConfig" + }, + "integrationType": { + "description": "IntegrationType is the provider type.\n", + "type": "string" + }, + "name": { + "description": "Name of the integration in Prisma Cloud.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.AssetType": { + "description": "AssetType is the integral value that we need to pass to PC in the UAI and Unified Alerts integrations to identify the asset type\nMappings of the asset types agreed upon with PC can be found here - https://docs.google.com/spreadsheets/d/1M0Aj5U4vpFGEnpd0v_xK-CsxSH4lovE7p93hkzE4DTY\nAdditional asset types can be found here - https://redlock.atlassian.net/browse/RLP-57240\nThis value will be identical to resource api id in case of Unified Alerts", + "enum": [ + [ + "15", + "16", + "39", + "45", + "65", + "5051", + "5070", + "7075", + "7077", + "10523", + "10524", + "10562", + "15000", + "20019", + "20028", + "20042", + "20051", + "20125", + "20126", + "20127", + "20155", + "25001", + "30012", + "30013", + "30014", + "30015", + "30016", + "30018", + "30020" + ] + ], + "type": "integer" + }, + "prisma.CloudType": { + "description": "CloudType is the prisma cloud type of the resource that is used for policy verdict creation\nCloud type values are documented here - https://docs.google.com/spreadsheets/d/1ZRlPl2IdEX22-7pSnqxeJGwwS0jyUbJJ16IkuPoiHMU", + "enum": [ + [ + "1", + "2", + "3", + "4", + "5", + "6" + ] + ], + "type": "integer" + }, + "prisma.IntegrationConfig": { + "description": "IntegrationConfig holds the additional configuration data for each integration", + "properties": { + "accountId": { + "description": "SecurityHubAccountID is the AWS account ID.\n", + "type": "string" + }, + "regions": { + "description": "SecurityHubIntegrationRegions holds AWS account available regions.\n", + "items": { + "$ref": "#/components/schemas/prisma.SecurityHubIntegrationRegions" + }, + "type": "array" + }, + "tables": { + "description": "ServiceNowIntegrationConfig holds ServiceNow tables info.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "prisma.SecurityHubIntegrationRegions": { + "description": "SecurityHubIntegrationRegions holds AWS Security Hub regions info", + "properties": { + "apiIdentifier": { + "description": "APIIdentifier represents the AWS region.\n", + "type": "string" + }, + "name": { + "description": "Name is the region name.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.ServiceProvider": { + "description": "ServiceProvider represents service provider id or \"other\" in case it is non cloud.", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci", + "other" + ] + ], + "type": "string" + }, + "rbac.PermName": { + "description": "PermName is a name of permission to a single resource type", + "enum": [ + [ + "radarsContainers", + "radarsHosts", + "radarsServerless", + "radarsCloud", + "policyContainers", + "policyHosts", + "policyServerless", + "policyCloud", + "policyComplianceCustomRules", + "policyRuntimeContainer", + "policyRuntimeHosts", + "policyRuntimeServerless", + "policyCustomRules", + "policyWAAS", + "policyCNNF", + "policyAccessSecrets", + "policyAccessKubernetes", + "monitorVuln", + "monitorCompliance", + "monitorImages", + "monitorHosts", + "monitorServerless", + "monitorCloud", + "monitorCI", + "monitorRuntimeContainers", + "monitorRuntimeHosts", + "monitorRuntimeServerless", + "monitorRuntimeIncidents", + "sandbox", + "monitorWAAS", + "monitorCNNF", + "monitorAccessDocker", + "monitorAccessKubernetes", + "systemLogs", + "manageDefenders", + "manageAlerts", + "collections", + "manageCreds", + "authConfiguration", + "userManagement", + "systemOperations", + "privilegedOperations", + "downloads", + "accessUI", + "uIEventSubscriber", + "user", + "none" + ] + ], + "type": "string" + }, + "rbac.Permission": { + "description": "Permission is a named resource permission", + "properties": { + "name": { + "$ref": "#/components/schemas/rbac.PermName" + }, + "readWrite": { + "description": "ReadWrite indicates RW or RO permission.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "rbac.Role": { + "description": "Role represents the role of a given user/group", + "properties": { + "description": { + "description": "Description is the role's description.\n", + "type": "string" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "perms": { + "description": "Perms are the role resource permissions.\n", + "items": { + "$ref": "#/components/schemas/rbac.Permission" + }, + "type": "array" + }, + "system": { + "description": "System indicates predefined immutable system role.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.AntiMalwareRule": { + "description": "AntiMalwareRule represents restrictions/suppression for suspected anti-malware", + "properties": { + "allowedProcesses": { + "description": "AllowedProcesses contains paths of files and processes for which we skip anti-malware checks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cryptoMiner": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedProcesses": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "detectCompilerGeneratedBinary": { + "description": "DetectCompilerGeneratedBinary represents what happens when a compiler service writes a binary.\n", + "type": "boolean" + }, + "encryptedBinaries": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "executionFlowHijack": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "serviceUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipSSHTracking": { + "description": "SkipSSHTracking indicates whether host SSH tracking should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "tempFSProc": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "userUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "webShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.App": { + "description": "App represents the applications runtime data", + "properties": { + "listeningPorts": { + "description": "ListeningPorts represents the applications listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileListeningPort" + }, + "type": "array" + }, + "name": { + "description": "Name is the app name.\n", + "type": "string" + }, + "outgoingPorts": { + "description": "OutgoingPorts represents the applications outgoing ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileOutgoingPort" + }, + "type": "array" + }, + "processes": { + "description": "Processes is a list of the app's descendant processes.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "startupProcess": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicy": { + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicyRule": { + "description": "AppEmbeddedPolicyRule represents a single rule in the app embedded runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.AppListeningPorts": { + "description": "AppListeningPorts is an association of an app and list of listening ports", + "properties": { + "app": { + "description": "App is the name of the app.\n", + "type": "string" + }, + "portsData": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ContainerCapabilities": { + "description": "ContainerCapabilities are a set of static capabilities for a given container", + "properties": { + "ci": { + "description": "CI indicates the container allowed to write binaries to disk and run them.\n", + "type": "boolean" + }, + "cloudMetadata": { + "description": "CloudMetadata indicates the given container can query cloud metadata api.\n", + "type": "boolean" + }, + "dnsCache": { + "description": "DNSCache are DNS services that are used by all the pods in the cluster.\n", + "type": "boolean" + }, + "dynamicDNSQuery": { + "description": "DynamicDNSQuery indicates capped behavioral dns queries.\n", + "type": "boolean" + }, + "dynamicFileCreation": { + "description": "DynamicFileCreation indicates capped behavioral filesystem paths.\n", + "type": "boolean" + }, + "dynamicProcessCreation": { + "description": "DynamicProcessCreation indicates capped behavioral processes.\n", + "type": "boolean" + }, + "k8s": { + "description": "Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).\n", + "type": "boolean" + }, + "proxy": { + "description": "Proxy indicates the container can listen on any port and perform multiple outbound connection.\n", + "type": "boolean" + }, + "pullImage": { + "description": "PullImage indicates that the container is allowed pull images (might include files with high entropy).\n", + "type": "boolean" + }, + "sshd": { + "description": "Sshd indicates whether the container can run sshd process.\n", + "type": "boolean" + }, + "unpacker": { + "description": "Unpacker indicates the container is allowed to write shared libraries to disk.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.ContainerDNSRule": { + "description": "ContainerDNSRule is the DNS runtime rule for container", + "properties": { + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the DNS rule.\n", + "type": "boolean" + }, + "domainList": { + "$ref": "#/components/schemas/runtime.DNSListRule" + } + }, + "type": "object" + }, + "runtime.ContainerFilesystemRule": { + "description": "ContainerFilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "backdoorFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the filesystem rule.\n", + "type": "boolean" + }, + "encryptedBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "newFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suspiciousELFHeadersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerNetworkRule": { + "description": "ContainerNetworkRule represents the restrictions/suppression for networking", + "properties": { + "allowedIPs": { + "description": "AllowedIPs the allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedIPs": { + "description": "DeniedIPs the deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedIPsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the network rule.\n", + "type": "boolean" + }, + "listeningPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "modifiedProcEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "outboundPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "portScanEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "rawSocketsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerPolicy": { + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ContainerPolicyRule": { + "description": "ContainerPolicyRule represents a single rule in the runtime policy", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "cloudMetadataEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.ContainerDNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ContainerFilesystemRule" + }, + "kubernetesEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ContainerNetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ContainerProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProcessesRule": { + "description": "ContainerProcessesRule represents restrictions/suppression for running processes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkParentChild": { + "description": "Indicates whether checking for parent child relationship when comparing spawned processes in the model is enabled.\n", + "type": "boolean" + }, + "cryptoMinersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the processes rule.\n", + "type": "boolean" + }, + "lateralMovementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modifiedProcessEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShellEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suidBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProfileHost": { + "description": "ContainerProfileHost represents a host that runs a container with a specific profile ID", + "properties": { + "agentless": { + "description": "Agentless indicates if the host was scanned by agentless.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the name of the host.\n", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID that matches the container running in the host.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSListRule": { + "description": "DNSListRule represents an explicitly allowed/denied domains list rule", + "properties": { + "allowed": { + "description": "Allowed the allow-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.DNSQuery": { + "description": "DNSQuery is the data of a DNS query", + "properties": { + "domainName": { + "description": "DomainName is the queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the queried domain type.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSRule": { + "description": "DNSRule is the DNS runtime rule", + "properties": { + "blacklist": { + "description": "List of deny-listed domain names (e.g., www.bad-url.com, *.bad-url.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelist": { + "description": "List of allow-listed domain names (e.g., *.gmail.com, *.s3.*.amazon.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.DenyListRule": { + "description": "DenyListRule represents a rule containing paths of files and processes to alert/prevent and the required effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "paths": { + "description": "Paths are the paths to alert/prevent when an event with one of the paths is triggered.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.FSFileType": { + "description": "FSFileType represents the file type", + "type": "integer" + }, + "runtime.FileIntegrityRule": { + "description": "FileIntegrityRule represents a single file integrity monitoring rule", + "properties": { + "dir": { + "description": "Dir indicates that the path is a directory.\n", + "type": "boolean" + }, + "exclusions": { + "description": "Exclusions are filenames that should be ignored while generating audits\nThese filenames may contain a wildcard regex pattern, e.g. foo*.log, *.cache.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "metadata": { + "description": "Metadata indicates that metadata changes should be monitored (e.g. chmod, chown).\n", + "type": "boolean" + }, + "path": { + "description": "Path is the path to monitor.\n", + "type": "string" + }, + "procWhitelist": { + "description": "ProcWhitelist are the processes to ignore\nFilesystem events caused by these processes DO NOT generate file integrity events.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "read": { + "description": "Read indicates that reads operations should be monitored.\n", + "type": "boolean" + }, + "recursive": { + "description": "Recursive indicates that monitoring should be recursive.\n", + "type": "boolean" + }, + "write": { + "description": "Write indicates that write operations should be monitored.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.FilesystemRule": { + "description": "FilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "backdoorFiles": { + "description": "Monitors files that can create and/or persist backdoors (currently SSH and admin account config files) (true).\n", + "type": "boolean" + }, + "blacklist": { + "description": "List of denied file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkNewFiles": { + "description": "Detects changes to binaries and certificates (true).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipEncryptedBinaries": { + "description": "Indicates that encrypted binaries check should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "description": "Indicates whether malware detection based on suspicious ELF headers is enabled.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.GeoIP": { + "description": "GeoIP represents an ip address with it's origin country code", + "properties": { + "code": { + "description": "Code is the country iso code.\n", + "type": "string" + }, + "ip": { + "description": "IP is the ip address.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last modified time of this entry.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostDNSRule": { + "description": "HostDNSRule represents a host DNS runtime rule", + "properties": { + "allow": { + "description": "Allow is a list of user-defined domains to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deny": { + "description": "Deny is a list of user-defined domains to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostNetworkRule": { + "description": "HostNetworkRule represents the restrictions/suppression for host networking", + "properties": { + "allowedOutboundIPs": { + "description": "AllowedOutboundIPs is a list of IPs to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedListeningPorts": { + "description": "DeniedListeningPorts is a list of listening ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "deniedOutboundIPs": { + "description": "DeniedOutboundIPs is a list of outbound IPs to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedOutboundPorts": { + "description": "DeniedOutboundPorts is a list of outbound ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostPolicy": { + "description": "HostPolicy represents a host runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "ID is the host runtime policy internal id.\n", + "type": "string" + }, + "owner": { + "description": "Owner is the host runtime policy owner.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of host runtime rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.HostPolicyRule": { + "description": "HostPolicyRule represents a single rule in the runtime policy", + "properties": { + "antiMalware": { + "$ref": "#/components/schemas/runtime.AntiMalwareRule" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "CustomRules is a list of custom rules associated with the container runtime policy.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.HostDNSRule" + }, + "fileIntegrityRules": { + "description": "FileIntegrityRules are the file integrity monitoring rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.FileIntegrityRule" + }, + "type": "array" + }, + "forensic": { + "$ref": "#/components/schemas/common.HostForensicSettings" + }, + "logInspectionRules": { + "description": "LogInspectionRules is a list of log inspection rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.LogInspectionRule" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.HostNetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfile": { + "description": "HostProfile represents a host runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID (hostname).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID associated with the profile.\n", + "type": "string" + }, + "apps": { + "description": "Apps are the host's apps metadata.\n", + "items": { + "$ref": "#/components/schemas/runtime.App" + }, + "type": "array" + }, + "collections": { + "description": "Collections is a list of collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sshEvents": { + "description": "SSHEvents represents a list SSH events occurred on the host.\n", + "items": { + "$ref": "#/components/schemas/runtime.SSHEvent" + }, + "type": "array" + }, + "time": { + "description": "Time is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileListeningPort": { + "description": "HostProfileListeningPort holds a metadata on listening port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileOutgoingPort": { + "description": "HostProfileOutgoingPort holds a metadata on outgoing port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "country": { + "description": "Country is the country ISO code for the given IP address.\n", + "type": "string" + }, + "ip": { + "description": "IP is the IP address captured over this port.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.LogInspectionRule": { + "description": "LogInspectionRule represents a single log inspection rule", + "properties": { + "path": { + "description": "Path is the log path.\n", + "type": "string" + }, + "regex": { + "description": "Regex are the regular expressions associated with the rule if it is a custom one.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.NetworkRule": { + "description": "NetworkRule represents the restrictions/suppression for networking", + "properties": { + "blacklistIPs": { + "description": "Deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blacklistListeningPorts": { + "description": "Deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "blacklistOutboundPorts": { + "description": "Deny-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelistIPs": { + "description": "Allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "whitelistListeningPorts": { + "description": "Allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "whitelistOutboundPorts": { + "description": "Allow-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.PortListRule": { + "description": "PortListRule represents a rule containing ports to allowed/denied and the required effect", + "properties": { + "allowed": { + "description": "Allowed the allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ProcessesRule": { + "description": "ProcessesRule represents restrictions/suppression for running processes", + "properties": { + "blacklist": { + "description": "List of processes to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockAllBinaries": { + "description": "Indicates that all processes are blocked except the main process.\n", + "type": "boolean" + }, + "checkCryptoMiners": { + "description": "Detect crypto miners.\n", + "type": "boolean" + }, + "checkLateralMovement": { + "description": "Indicates whether dectection of processes that can be used for lateral movement exploits is enabled.\n", + "type": "boolean" + }, + "checkNewBinaries": { + "description": "Indicates whether binaries which do not belong to the original image are allowed to run.\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipModified": { + "description": "Indicates whether to trigger audits/incidents when a modified proc is spawned.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystem": { + "description": "ProfileFilesystem defines the filesystem features profile", + "properties": { + "behavioral": { + "description": "Behavioral is filesystem data learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + }, + "static": { + "description": "Static is filesystem data learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystemPath": { + "description": "ProfileFilesystemPath represents the filesystem static data", + "properties": { + "mount": { + "description": "Mount indicates whether the given folder is a mount.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "description": "Process is the process that accessed the file.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the file was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetwork": { + "description": "ProfileNetwork represents networking data that is learned", + "properties": { + "behavioral": { + "$ref": "#/components/schemas/runtime.ProfileNetworkBehavioral" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "static": { + "$ref": "#/components/schemas/runtime.ProfileNetworkStatic" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkBehavioral": { + "description": "ProfileNetworkBehavioral represents the behavioral data learned for networking", + "properties": { + "dnsQueries": { + "description": "DNSQueries is the learned DNS queries.\n", + "items": { + "$ref": "#/components/schemas/runtime.DNSQuery" + }, + "type": "array" + }, + "listeningPorts": { + "description": "Listening is the learned listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkGeoIP": { + "description": "ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile", + "properties": { + "countries": { + "description": "Countries is a list of ip addresses with their corresponding country codes.\n", + "items": { + "$ref": "#/components/schemas/runtime.GeoIP" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last modified time of the cache.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkStatic": { + "description": "ProfileNetworkStatic represent the static section of the networking profile", + "properties": { + "listeningPorts": { + "description": "Listening are the listening ports learned by static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileProcess": { + "description": "ProfileProcess represents a single process data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileProcesses": { + "description": "ProfileProcesses represents the process data that is learned for a specific image", + "properties": { + "behavioral": { + "description": "Behavioral are process details learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "static": { + "description": "Static are process details learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.RuleEffect": { + "description": "RuleEffect is the effect that will be used in the runtime rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "disable" + ] + ], + "type": "string" + }, + "runtime.SSHEvent": { + "description": "SSHEvent represents an SSH event data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "country": { + "description": "Country represents the SSH client's origin country.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "ip": { + "description": "IP address represents the connection client IP address.\n", + "type": "integer" + }, + "loginTime": { + "description": "LoginTime represents the SSH login time.\n", + "format": "int64", + "type": "integer" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.SecretScrubbingSpec": { + "description": "SecretScrubbingSpec defined a single runtime secret scrubbing specification", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pattern": { + "description": "Pattern is the regex pattern to mask sensitive data.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicy": { + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicyRule": { + "description": "ServerlessPolicyRule represents a single rule in the serverless runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cloudMetadataEnforcement": { + "description": "Catches containers that access the cloud provider metadata API.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "kubernetesEnforcement": { + "description": "Detects containers that attempt to compromise the orchestrator.\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "sandbox.ConnectionEvent": { + "description": "ConnectionEvent represents a network connection event", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "protocol": { + "description": "Protocol is the transport layer protocol (UDP / TCP).\n", + "type": "string" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.DNSQueryEvent": { + "description": "DNSQueryEvent represents a DNS query event with it's connection details", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the domain name for a DNS query.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the domain type for a DNS query.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Event": { + "description": "Event is a single event in a chain that lead to finding detection", + "properties": { + "description": { + "description": "Description describes what happened in the event.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of event detection.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.FilesystemAccessType": { + "description": "FilesystemAccessType represents a type of accessing a file", + "enum": [ + [ + "open", + "modify", + "create" + ] + ], + "type": "string" + }, + "sandbox.FilesystemEvent": { + "description": "FilesystemEvent represents a filesystem event during sandbox scan", + "properties": { + "accessType": { + "$ref": "#/components/schemas/sandbox.FilesystemAccessType" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Finding": { + "description": "Finding represents a finding detected during sandbox scan", + "properties": { + "description": { + "description": "Description is the finding description.\n", + "type": "string" + }, + "events": { + "description": "Events are the events that lead to the finding detection.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Event" + }, + "type": "array" + }, + "severity": { + "$ref": "#/components/schemas/sandbox.FindingSeverity" + }, + "time": { + "description": "Time is the detection time (time of triggering event).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/sandbox.FindingType" + } + }, + "type": "object" + }, + "sandbox.FindingSeverity": { + "description": "FindingSeverity represents a finding severity level", + "enum": [ + [ + "critical", + "high", + "medium", + "low" + ] + ], + "type": "string" + }, + "sandbox.FindingType": { + "description": "FindingType represents a unique sandbox-detected finding type", + "enum": [ + [ + "dropper", + "modifiedBinary", + "executableCreation", + "filelessExecutableCreation", + "wildFireMalware", + "verticalPortScan", + "cryptoMiner", + "suspiciousELFHeader", + "kernelModule", + "modifiedBinaryExecution", + "filelessExecution" + ] + ], + "type": "string" + }, + "sandbox.ListeningEvent": { + "description": "ListeningEvent represents a network listening event", + "properties": { + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessEvent": { + "description": "ProcessEvent represents a process event during sandbox scan", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "parent": { + "$ref": "#/components/schemas/sandbox.ProcessInfo" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessInfo": { + "description": "ProcessInfo holds process information", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ScanResult": { + "description": "ScanResult represents sandbox scan results", + "properties": { + "_id": { + "description": "ID is a unique scan identifier.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connection": { + "description": "Connection is a list of connection events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ConnectionEvent" + }, + "type": "array" + }, + "dns": { + "description": "DNS is a list of DNS queries detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.DNSQueryEvent" + }, + "type": "array" + }, + "entrypoint": { + "description": "Entrypoint is the command executed in the sandbox scan.\n", + "type": "string" + }, + "filesystem": { + "description": "Filesystem is a list of filesystem events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.FilesystemEvent" + }, + "type": "array" + }, + "findings": { + "description": "Findings are the detected findings during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Finding" + }, + "type": "array" + }, + "image": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "imageName": { + "description": "ImageName is the image name (e.g. registry/repo:tag).\n", + "type": "string" + }, + "listening": { + "description": "Listening is a list of listening events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ListeningEvent" + }, + "type": "array" + }, + "pass": { + "description": "Pass indicates if the scan passed or failed.\n", + "type": "boolean" + }, + "procs": { + "description": "Procs are the different detected process during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "type": "array" + }, + "riskScore": { + "description": "RiskScore is the weighted total risk score.\n", + "format": "double", + "type": "number" + }, + "scanDuration": { + "description": "ScanDuration is the provided scan duration in nanoseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTime": { + "description": "Start is the scan start time.\n", + "format": "date-time", + "type": "string" + }, + "suspiciousFiles": { + "description": "SuspiciousFiles are suspicious files detected during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.SuspiciousFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "sandbox.SuspiciousFile": { + "description": "SuspiciousFile represents a suspicious file", + "properties": { + "containerPath": { + "description": "ContainerPath is the path of the file in the running container.\n", + "type": "string" + }, + "created": { + "description": "Created indicates if the file was created during runtime.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the file MD5 hash.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to the copy of the file.\n", + "type": "string" + } + }, + "type": "object" + }, + "secrets.SecretScanMetrics": { + "description": "SecretScanMetrics represents metrics collected during secret scan", + "properties": { + "failedScans": { + "description": "FailedScans represents number of failed scans caused by scanner errors.\n", + "format": "int64", + "type": "integer" + }, + "foundSecrets": { + "description": "FoundSecrets represents number of detected secrets.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime represents cumulative secret scan time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTimeouts": { + "description": "ScanTimeouts represents number of failed scans caused by timeout.\n", + "format": "int64", + "type": "integer" + }, + "scannedFileSize": { + "description": "ScannedFileSize represents accumulated size of scanned files.\n", + "format": "int64", + "type": "integer" + }, + "scannedFiles": { + "description": "ScannedFiles represents number of text files scanned for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalBytes": { + "description": "TotalBytes represents accumulated file size.\n", + "format": "int64", + "type": "integer" + }, + "totalFiles": { + "description": "TotalFiles represents number of files read for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalTime": { + "description": "TotalTime represents the total time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "typesCount": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "TypesCount represents distribution of secrets by its type.\n", + "type": "object" + } + }, + "type": "object" + }, + "serverless.ActionResources": { + "description": "ActionResources is a single action resources", + "properties": { + "resources": { + "description": "Resources are the resources granted to the action.\n", + "items": { + "$ref": "#/components/schemas/serverless.Resource" + }, + "type": "array" + }, + "serviceAPI": { + "$ref": "#/components/schemas/serverless.ServiceAPI" + } + }, + "type": "object" + }, + "serverless.AssociatedVersion": { + "description": "AssociatedVersion is a single function version associated with the alias", + "properties": { + "version": { + "description": "Version is the function version.\n", + "type": "string" + }, + "weight": { + "description": "Weight is the possibility that the function will be called when triggering the alias.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Condition": { + "description": "Condition contains limitations on resources, such as a specific prefix", + "properties": { + "conditions": { + "description": "Conditions contain the limitations.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "name": { + "description": "Condition in AWS such as: StringLike, StringNotLike, StringEquals, StringNotEquals, StringEqualsIgnoreCase, StringNotEqualsIgnoreCase, ForAllValues:StringLike,...\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.FunctionInfo": { + "description": "FunctionInfo contains function information collected during function scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "ID of the function.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applicationName": { + "description": "Name of the application with which the function is associated.\n", + "type": "string" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "architecture": { + "description": "Architecture that the function supports.\n", + "type": "string" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudControllerAddress": { + "description": "Address of the TAS cloud controller API.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Indicates status of runtime defense. Covers both manually and automatically deployed function defense.\n", + "type": "boolean" + }, + "defenderLayerARN": { + "description": "Prisma Defender Layer ARN, if it exists.\n", + "type": "string" + }, + "description": { + "description": "User-provided description of the function.\n", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "envvars": { + "description": "Function environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "err": { + "description": "Description of an error that occurred during the scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "functionLayers": { + "description": "Layer ARNs used by this function.\n", + "items": { + "$ref": "#/components/schemas/serverless.LayerInfo" + }, + "type": "array" + }, + "functionTags": { + "description": "Cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "handler": { + "description": "Handler is the function handler.\n", + "type": "string" + }, + "hash": { + "description": "Hash of the function.\n", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname of the scanner.\n", + "type": "string" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "lastModified": { + "description": "Date/time when the function was last modified.\n", + "format": "date-time", + "type": "string" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "memory": { + "description": "Memory size, in MB, configured for the function.\n", + "format": "int64", + "type": "integer" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the function.\n", + "type": "string" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "platform": { + "description": "Platform is the function OS.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "region": { + "description": "Function's region.\n", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "resourceGroupName": { + "description": "Name of the resource group to which the resource belongs (only for Azure).\n", + "type": "string" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "role": { + "description": "AWS execution role.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime environment for the function (e.g., nodejs).\n", + "type": "string" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanTime": { + "description": "Date/time when the scan of the function was performed.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "scannerVersion": { + "description": "Scanner version.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "status": { + "description": "Status of the function (e.g., running).\n", + "type": "string" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "timeout": { + "description": "Function execution time at which the function will be terminated.\n", + "format": "int64", + "type": "integer" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "version": { + "description": "Version of the function.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "serverless.LayerInfo": { + "description": "LayerInfo contains information about a lambda layer", + "properties": { + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "name": { + "description": "Name of the layer.\n", + "type": "string" + }, + "version": { + "description": "Version of the layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Permissions": { + "description": "Permissions contain service function permissions", + "properties": { + "actions": { + "description": "Actions is API actions of the service that the function has access to.\n", + "items": { + "$ref": "#/components/schemas/serverless.ActionResources" + }, + "type": "array" + }, + "service": { + "description": "Service is the service name.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.RadarData": { + "description": "RadarData represent all data relevant to the serverless radar", + "properties": { + "serverlessRadar": { + "description": "ServerlessRadar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/serverless.RadarEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.RadarEntity": { + "description": "RadarEntity is the extended serverless radar entity", + "properties": { + "_id": { + "description": "ID is unique identifier of the function (for AWS - ARN).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "alias": { + "description": "Alias states that the current entity is an alias of the function.\n", + "type": "boolean" + }, + "applicationName": { + "description": "ApplicationName is the name of the application the function is associated with.\n", + "type": "string" + }, + "associatedVersions": { + "description": "AssociatedVersions contain the alias associated versions, or empty if the entity isn't an alias.\n", + "items": { + "$ref": "#/components/schemas/serverless.AssociatedVersion" + }, + "type": "array" + }, + "collections": { + "description": "Collections are the matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended denotes weather the function is defended by a serverless defender.\n", + "type": "boolean" + }, + "description": { + "description": "Description is the user provided description of the function.\n", + "type": "string" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the function.\n", + "type": "string" + }, + "networkCount": { + "description": "NetworkCount contain the runtime network events count.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the function permissions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "permissionsBoundary": { + "description": "PermissionsBoundary are limitations of the permissions, acting as AND.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "processesCount": { + "description": "ProcessesCount contain the runtime processes events count.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "scanned": { + "description": "Scanned indicates if the function was scanned for vulnerabilities and compliance.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags are the cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "triggers": { + "description": "Triggers contain invocation paths for functions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Triggers" + }, + "type": "array" + }, + "version": { + "description": "Version is the version of the function, or the alias name if it's an alias.\n", + "type": "string" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "serverless.RadarFilter": { + "description": "RadarFilter contains filter options for serverless radar entities", + "properties": { + "accountIDs": { + "description": "AccountIDs are cloud provider account IDs with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentials": { + "description": "Credentials are cloud provider credential ID's with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "regions": { + "description": "Regions are cloud provider regions with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.Resource": { + "description": "Resource is a single action resources", + "properties": { + "allow": { + "description": "Allow states if the resource is allowed or denied.\n", + "type": "boolean" + }, + "condition": { + "description": "Conditions contain limitations on resources, such as a specific prefix.\n", + "items": { + "$ref": "#/components/schemas/serverless.Condition" + }, + "type": "array" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates that the policy apply to all except the given resource.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "serverless.ServiceAPI": { + "description": "ServiceAPI describes a service API", + "properties": { + "api": { + "description": "API is the service API.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates the policy apply to all APIs except the given API.\n", + "type": "boolean" + }, + "service": { + "description": "Service is the AWS service.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Trigger": { + "description": "Trigger contains function triggers", + "properties": { + "properties": { + "description": "Properties are the trigger properties. There may be multiple values per key, for example AWS S3 event types: ObjectCreatedByPost, ObjectCreatedByCopy, ObjectCreatedByPut.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "sourceID": { + "description": "SourceID is the id of the service instance that caused the trigger. For example AWS S3 bucket ARN, AWS apigateway ARN, etc.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Triggers": { + "description": "Triggers contain a service function triggers", + "properties": { + "service": { + "description": "Service is the service name.\n", + "type": "string" + }, + "triggers": { + "description": "Triggers are the function invocation paths from the service.\n", + "items": { + "$ref": "#/components/schemas/serverless.Trigger" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.AISOperationType": { + "description": "AISOperationType represents a scan operation type", + "enum": [ + [ + "discovery", + "create-snapshot", + "deploy-scanner", + "cleanup" + ] + ], + "type": "string" + }, + "shared.ActivityType": { + "description": "ActivityType is the type of user activity", + "enum": [ + [ + "app restart", + "app install", + "app modified", + "cron modified", + "system update", + "system reboot", + "source modified", + "source added", + "iptables changed", + "secret modified", + "login", + "sudo", + "accounts modified", + "sensitive files modified", + "docker" + ] + ], + "type": "string" + }, + "shared.AgentlessAccountScanStatus": { + "description": "AgentlessAccountScanStatus represents agentless cloud account scan status", + "type": "integer" + }, + "shared.AgentlessAccountState": { + "description": "AgentlessAccountState holds the information about the agentless account state", + "properties": { + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "regions": { + "description": "Regions is an array of regions scanned in account.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessRegionState" + }, + "type": "array" + }, + "scanStatus": { + "$ref": "#/components/schemas/shared.AgentlessAccountScanStatus" + } + }, + "type": "object" + }, + "shared.AgentlessHostTag": { + "description": "AgentlessHostTag is the tag to be checked on a discovered host", + "properties": { + "key": { + "description": "Key is the tag key.\n", + "type": "string" + }, + "value": { + "description": "Value is the tag value.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessRegionState": { + "description": "AgentlessRegionState holds information about the statuses scans in a region", + "properties": { + "availabilityDomain": { + "description": "AvailabilityDomain is the code name of OCI availabilityDomain.\n", + "type": "string" + }, + "errorsInfo": { + "description": "ErrorsInfo holds information about the errors that occured during in region scan.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanErrorInfo" + }, + "type": "array" + }, + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Region is the code name of the region.\n", + "type": "string" + }, + "scanCoverage": { + "$ref": "#/components/schemas/shared.AgentlessScanHostCoverage" + }, + "scanID": { + "description": "ScanID is the id of scan cycle the region was last scanned in.\n", + "type": "integer" + }, + "score": { + "description": "Score is an aggregated score of the errors in the region.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanHostCoverage": { + "description": "AgentlessScanHostCoverage contains the scan coverage stats", + "properties": { + "excluded": { + "description": "Excluded is the number of hosts that were excluded from the scan.\n", + "type": "integer" + }, + "issued": { + "description": "Issued is the number of hosts that are failed to scanned.\n", + "type": "integer" + }, + "pending": { + "description": "Pending is the number of hosts that are pending ais scan.\n", + "type": "integer" + }, + "successful": { + "description": "Successful is the number of hosts that were successfully scanned.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of hosts that are unsupported.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanSpecification": { + "description": "AgentlessScanSpecification contains information for setting up an agentless scan for a group of accounts", + "properties": { + "autoScale": { + "description": "AutoScale indicates that the number of concurrent scanners should be selected automatically.\n", + "type": "boolean" + }, + "cloudScan": { + "description": "CloudScan indicates whether the account is being scanned with prisma.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is a network-accessible address that scanners can use to publish scan results to Console.\n", + "type": "string" + }, + "customTags": { + "description": "CustomTags are optional tags that can be added to the resources created by the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether agentless scanning is enabled.\n", + "type": "boolean" + }, + "excludedTags": { + "description": "ExcludedTags are the tags used to exclude instances from the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "hubAccount": { + "description": "HubAccount indicates whether the account is configured as a hub account.\n", + "type": "boolean" + }, + "hubCredentialID": { + "description": "HubCredentialID is the ID of the credentials in the credentials store to use for authenticating with the cloud provider on behalf of the scan hub account. Optional.\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags are tags that are used to filter hosts to scan. If set, only hosts that have one or more of these tags are scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "ociCompartment": { + "description": "OCICompartment is the resource group that holds all scan related resources for OCI.\n", + "type": "string" + }, + "ociExcludedCompartments": { + "description": "OCIExcludedCompartments are the compartments excluded from scan (OCI).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ociVcn": { + "description": "OCIVcn is the Virtual Cloud Network to use for the instance launched for scanning. Default value is empty string, which represents the default VCN.\n", + "type": "string" + }, + "proxyAddress": { + "description": "ProxyAddress is the optional HTTP proxy address for a setup that includes a proxy server.\n", + "type": "string" + }, + "proxyCA": { + "description": "ProxyCA is the optional proxy CA certificate for a setup that includes a TLS proxy.\n", + "type": "string" + }, + "regions": { + "description": "Regions are the cloud provider regions applicable for the scan. Default is all.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanNonRunning": { + "description": "ScanNonRunning indicates whether to scan non running instances.\n", + "type": "boolean" + }, + "scanners": { + "description": "Scanners is the number of concurrent scanners to perform the scan (when auto-scale is off).\n", + "type": "integer" + }, + "securityGroup": { + "description": "SecurityGroup is the security group that scanners should use (for isolation and internet access). Default is empty value to use the cloud account default security group.\n", + "type": "string" + }, + "skipPermissionsCheck": { + "description": "SkipPermissionsCheck indicates whether permissions check should be skipped for the account. This allows users to attempt scanning when permissions check fails.\n", + "type": "boolean" + }, + "subnet": { + "description": "Subnet is the network subnet to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the default VPC.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AlertThreshold": { + "description": "AlertThreshold is the vulnerability policy alert threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "disabled": { + "description": "Suppresses alerts for all vulnerabilities (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.AllowedCVE": { + "description": "AllowedCVE is a CVE to ignore across the product", + "properties": { + "cve": { + "description": "CVE is the CVE to allow.\n", + "type": "string" + }, + "description": { + "description": "Description is the description of why this CVE is allowed.\n", + "type": "string" + }, + "expiration": { + "description": "Expiration is the expiration date for the allowed CVE.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppEmbeddedEmbedRequest": { + "description": "AppEmbeddedEmbedRequest represents the arguments required for a AppEmbedded defender embed request", + "properties": { + "appID": { + "description": "AppID identifies the app that the embedded app defender defender is protecting.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address.\n", + "type": "string" + }, + "dataFolder": { + "description": "DataFolder is the path to the Twistlock data folder in the container.\n", + "type": "string" + }, + "dockerfile": { + "description": "Dockerfile is the Dockerfile to embed AppEmbedded defender into.\n", + "type": "string" + }, + "filesystemMonitoring": { + "description": "FilesystemMonitoring is the flag of filesystem monitoring for this Defender.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.AppEmbeddedRuntimeProfile": { + "description": "AppEmbeddedRuntimeProfile represents the app embedded runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the app embedded defender name.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the ECS Fargate cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "container": { + "description": "Container is the app embedded container name.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image ID.\n", + "type": "string" + }, + "startTime": { + "description": "StartTime is the time when the defender starts.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppFirewallAudit": { + "description": "AppFirewallAudit represents a firewall audit event", + "properties": { + "_id": { + "description": "ID is internal id representation.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "additionalHash": { + "description": "AdditionalHash for internal use only. This parameter is used to add an additional level of uniqueness to the audit.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the application ID.\n", + "type": "string" + }, + "attackField": { + "$ref": "#/components/schemas/waas.HTTPField" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cloudProviderName": { + "$ref": "#/components/schemas/prisma.ServiceProvider" + }, + "cluster": { + "description": "Cluster is the cluster on which the audit was originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connectingIPs": { + "description": "ConnectingIPs are the requests connecting IPs such as proxy and load-balancer.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerId": { + "description": "ContainerID is the firewall container ID.\n", + "type": "string" + }, + "containerName": { + "description": "ContainerName is the firewall container name.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "country": { + "description": "Country is the source IP country.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "eventID": { + "description": "EventID is the event identifier of the audit relevant request.\n", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "fqdn": { + "description": "FQDN is the current hostname's FQDN.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "FunctionID is the id of the function called.\n", + "type": "string" + }, + "host": { + "description": "Host indicates this audit is either for host firewall or out of band firewall or agentless firewall.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the firewall image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the firewall image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the container.\n", + "type": "object" + }, + "method": { + "description": "HTTPMethod is the request HTTP method.\n", + "type": "string" + }, + "modelPath": { + "description": "ModelPath for internal use only. This parameter is a correlated path for the mapped API Model.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ns": { + "description": "Namespaces are the k8s namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "owaspAPITop10": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "owaspTop10": { + "$ref": "#/components/schemas/waas.OWASPTop10" + }, + "prismaAccountID": { + "description": "PrismaAccountID is the Prisma format account ID.\n", + "type": "string" + }, + "prismaCloudProvider": { + "$ref": "#/components/schemas/prisma.CloudType" + }, + "prismaRegion": { + "description": "PrismaRegion is the Prisma format cloud region.\n", + "type": "string" + }, + "profileId": { + "description": "ProfileID is the profile of the audit.\n", + "type": "string" + }, + "protection": { + "$ref": "#/components/schemas/waas.Protection" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "RawEvent contains unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region is the name of the region in which the serverless function is located.\n", + "type": "string" + }, + "requestHeaderNames": { + "description": "RequestHeaderNames are the request header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestHeaders": { + "description": "RequestHeaders represent the request headers.\n", + "type": "string" + }, + "requestHost": { + "description": "RequestHost is the request host.\n", + "type": "string" + }, + "requestID": { + "description": "RequestID is lambda function invocation request id.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "responseHeaderNames": { + "description": "ResponseHeaderNames are the response header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ruleAppID": { + "description": "RuleAppID is the ID of the rule's app that was applied.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule that was applied.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "statusCode": { + "description": "StatusCode is the response status code.\n", + "type": "integer" + }, + "subnet": { + "description": "Subnet is the source IP subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + }, + "url": { + "description": "URL is the requests full URL (partial on server side - path and query only).\n", + "type": "string" + }, + "urlPath": { + "description": "URLPath is the requests url path.\n", + "type": "string" + }, + "urlQuery": { + "description": "URLQuery is the requests url query.\n", + "type": "string" + }, + "userAgentHeader": { + "description": "UserAgentHeader is the requests User-Agent header.\n", + "type": "string" + }, + "version": { + "description": "Version is the defender version.\n", + "type": "string" + }, + "workloadAssetType": { + "$ref": "#/components/schemas/prisma.AssetType" + }, + "workloadExternalResourceID": { + "description": "WorkloadExternalResourceID is the workload external resource ID (Asset External ID).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Audit": { + "description": "Audit represents an event in the system", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID where the audit was created.\n", + "type": "string" + }, + "allow": { + "description": "Allow indicates whether the command was allowe or denied.\n", + "type": "boolean" + }, + "api": { + "description": "API is the api that is being audited.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerName": { + "description": "ContainerName is the name of the container.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name from which the audit originated.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname from which the audit originated.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the labels associated with the target audit (for containers/images).\n", + "type": "object" + }, + "msg": { + "description": "Msg is the message explaining the audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the container namespace.\n", + "type": "string" + }, + "ruleName": { + "description": "RulesName is contains the name of the rule that was applied, when blocked.\n", + "type": "string" + }, + "sourceIP": { + "description": "SourceIP is the remote agent's source IP.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "description": "Type is the audit type.\n", + "type": "string" + }, + "user": { + "description": "User is the user that run the command.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BackupSpec": { + "description": "BackupSpec is the backup specification", + "properties": { + "id": { + "description": "ID is the full backup file name, used as the instance id in API calls.\n", + "type": "string" + }, + "name": { + "description": "Name is the backup name.\n", + "type": "string" + }, + "release": { + "description": "Release is the backup release.\n", + "type": "string" + }, + "time": { + "description": "Time is the backup creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Binary": { + "description": "Binary represents a detected binary file (ELF)", + "properties": { + "altered": { + "description": "Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).\n", + "type": "boolean" + }, + "cveCount": { + "description": "Total number of CVEs for this specific binary.\n", + "type": "integer" + }, + "deps": { + "description": "Third-party package files which are used by the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "fileMode": { + "description": "Represents the file's mode and permission bits.\n", + "type": "integer" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "md5": { + "description": "Md5 hashset of the binary.\n", + "type": "string" + }, + "missingPkg": { + "description": "Indicates if this binary is not related to any package (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the binary.\n", + "type": "string" + }, + "pkgRootDir": { + "description": "Path for searching packages used by the binary.\n", + "type": "string" + }, + "services": { + "description": "Names of services which use the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Version of the binary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BlockThreshold": { + "description": "BlockThreshold is the vulnerability policy block threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enables blocking (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CLIScanResult": { + "description": "CLIScanResult describes a CLI scan result", + "properties": { + "_id": { + "description": "ID of the scan result.\n", + "type": "string" + }, + "build": { + "description": "CI build.\n", + "type": "string" + }, + "complianceFailureSummary": { + "description": "Scan compliance failure summary.\n", + "type": "string" + }, + "entityInfo": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "pass": { + "description": "Indicates if the scan passed (true) or failed (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the scan.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Scanner version.\n", + "type": "string" + }, + "vulnFailureSummary": { + "description": "Scan vulnerability failure summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CVEAllowList": { + "description": "CVEAllowList is a collection of allowed CVE's", + "properties": { + "_id": { + "description": "ID is the id of the feed.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of allowed CVEs.\n", + "items": { + "$ref": "#/components/schemas/shared.AllowedCVE" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CVERule": { + "description": "CVERule is a vuln rule for specific vulnerability", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "id": { + "description": "CVE ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryAccount": { + "description": "CloudDiscoveryAccount holds data about a discovered account", + "properties": { + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryEntity": { + "description": "CloudDiscoveryEntity holds data about a discovered entity", + "properties": { + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "activeServicesCount": { + "description": "ActiveServicesCount is the number of active services in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the entity.\n", + "type": "string" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerGroup": { + "description": "ContainerGroup is the azure aci container group the container belongs to.\n", + "type": "string" + }, + "createdAt": { + "description": "CreatedAt is the time when the entity was created.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Defended indicates if the entity is defended.\n", + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints are the cluster endpoints.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "image": { + "description": "Image is the image of an aci container.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the entity.\n", + "type": "string" + }, + "nodesCount": { + "description": "NodesCount is the number of nodes in the cluster (aks, gke).\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "resourceGroup": { + "description": "ResourceGroup is the the azure resource group containing the entity.\n", + "type": "string" + }, + "runningTasksCount": { + "description": "RunningTasksCount is the number of running tasks in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "status": { + "description": "Status is the current status of entity.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version is the version of the entity.\n", + "type": "string" + }, + "zone": { + "description": "Zone is the GCP zone that was scanned.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryRadar": { + "description": "CloudDiscoveryRadar represents a cloud radar", + "properties": { + "accounts": { + "description": "Accounts is the number of accounts.\n", + "type": "integer" + }, + "agentlessDisabledAccounts": { + "description": "AgentlessDisabledAccounts is the number of accounts with agentless is disable.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates whether the region includes app Embedded.\n", + "type": "boolean" + }, + "clusters": { + "description": "Clusters indicates whether the region includes clusters.\n", + "type": "boolean" + }, + "defended": { + "description": "Defended is the number of defended entities.\n", + "type": "integer" + }, + "errCount": { + "description": "ErrCount is the number of errors.\n", + "type": "integer" + }, + "functions": { + "description": "Functions indicates whether the region includes functions.\n", + "type": "boolean" + }, + "nodes": { + "description": "NodesCount is the number of nodes.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registries": { + "description": "Registries indicates whether the region includes registries.\n", + "type": "boolean" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "vms": { + "description": "VMs indicates whether the region includes VMs.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryResult": { + "description": "CloudDiscoveryResult represents a cloud scan result for a specific cloud provider, service and region", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended is the number of defended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "defenseCoverage": { + "description": "DefenseCoverage is the defense coverage percentage (0-100).\n", + "type": "integer" + }, + "err": { + "description": "Err holds any error found during a scan.\n", + "type": "string" + }, + "nodes": { + "description": "Nodes is the number of nodes.\n", + "type": "integer" + }, + "project": { + "description": "Project is the GCP project that was scanned.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "registryTags": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RegistryTags are the registry tags.\n", + "type": "object" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "undefended": { + "description": "Undefended is the number of undefended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "zone": { + "description": "Zone is the zone that was scanned, only relevant to GCP.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudScanRule": { + "description": "CloudScanRule is a rule for discovery/compliance/serverless radar scanning", + "properties": { + "agentlessAccountState": { + "$ref": "#/components/schemas/shared.AgentlessAccountState" + }, + "agentlessScanSpec": { + "$ref": "#/components/schemas/shared.AgentlessScanSpecification" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "complianceCheckIDs": { + "description": "ComplianceCheckIDs are the compliance checks IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted reports whether the account is deleted.\n", + "type": "boolean" + }, + "discoverAllFunctionVersions": { + "description": "DiscoverAllFunctionVersions indicates whether serverless discovery and radar scans should scan all function versions or only latest.\n", + "type": "boolean" + }, + "discoveryEnabled": { + "description": "DiscoveryEnabled indicates whether discovery scan is enabled.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified holds the last modified time (in Compute).\n", + "format": "int64", + "type": "integer" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + }, + "prismaLastModified": { + "description": "PrismaLastModified reports the last time the account was modified by Prisma (unix milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "serverlessRadarCap": { + "description": "ServerlessRadarCap is the maximum number of functions to scan in serverless radar.\n", + "type": "integer" + }, + "serverlessRadarEnabled": { + "description": "ServerlessRadarEnabled indicates whether serverless radar scan is enabled.\n", + "type": "boolean" + }, + "serverlessScanSpec": { + "$ref": "#/components/schemas/shared.ServerlessScanSpecification" + }, + "vmTagsEnabled": { + "description": "VMTagsEnabled indicates whether fetching VM instance tags is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CodeRepoProviderType": { + "description": "CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc", + "enum": [ + [ + "github", + "CI" + ] + ], + "type": "string" + }, + "shared.CompressedLayerTimes": { + "description": "CompressedLayerTimes represent the compressed layer times of the image apps and pkgs", + "properties": { + "appTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/shared.PkgsTimes" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Conditions": { + "description": "Conditions contains rule conditions. Conditions apply only for their respective policy type", + "properties": { + "device": { + "description": "Allowed volume host device (wildcard). If a \"container create\" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.\n", + "type": "string" + }, + "readonly": { + "description": "Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "Block and scan severity-based vulnerabilities conditions.\n", + "items": { + "$ref": "#/components/schemas/vuln.Condition" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Connection": { + "description": "Connection is a radar internet connection", + "properties": { + "port": { + "description": ".\n", + "type": "integer" + }, + "protocol": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerHistoryEvent": { + "description": "ContainerHistoryEvent is a container process event created by interactive user", + "properties": { + "_id": { + "description": "ID is the history event entity.\n", + "type": "string" + }, + "command": { + "description": "Command is the process that was executed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the command was invoked.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerInfo": { + "description": "ContainerInfo contains all information gathered on a specific container", + "properties": { + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "app": { + "description": "App is the app that is hosted in the container.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "ComplianceIssues are all the container compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": ".\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "ComplianceRiskScore is the container's compliance risk score.\n", + "format": "float", + "type": "number" + }, + "externalLabels": { + "description": "ExternalLabels is the external labels e.g., kubernetes namespace labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "id": { + "description": "ID is the container id.\n", + "type": "string" + }, + "image": { + "description": "Image is the canonical image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image id.\n", + "type": "string" + }, + "imageName": { + "description": "The image name as stated in the docker run command.\n", + "type": "string" + }, + "infra": { + "description": "Infra represents any container that belongs to the infrastructure.\n", + "type": "boolean" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "labels": { + "description": "Labels are the container labels (https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the container name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/shared.ContainerNetwork" + }, + "networkSettings": { + "$ref": "#/components/schemas/shared.DockerNetworkInfo" + }, + "processes": { + "description": "Processes are the processes that are running inside the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerProcess" + }, + "type": "array" + }, + "profileID": { + "description": "ProfileID is the container profile id.\n", + "type": "string" + }, + "sizeBytes": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "startTime": { + "description": "StartTime is the starting time of the container.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerNetwork": { + "description": "ContainerNetwork contains details about the container network (ports, IPs, type etc...)", + "properties": { + "ports": { + "description": "Ports are the ports details associated with the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallProfileAudits": { + "description": "ContainerNetworkFirewallProfileAudits represents the container network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallSubtypeAudits": { + "description": "ContainerNetworkFirewallSubtypeAudits represents the container network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the container network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.ContainerAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerPort": { + "description": "ContainerPort represents the state of a port in a given container", + "properties": { + "container": { + "description": "Container is the mapped port inside the container.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host port number.\n", + "type": "integer" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "listening": { + "description": "Listening indicates whether the port is in listening mode.\n", + "type": "boolean" + }, + "nat": { + "description": "NAT indicates the port is exposed using NAT.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.ContainerProcess": { + "description": "ContainerProcess represents a process inside a container", + "properties": { + "name": { + "description": "Name is a process name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRadarIncomingConnection": { + "description": "ContainerRadarIncomingConnection is an incoming connection in the network radar", + "properties": { + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are all the ports used by the sender.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "profileID": { + "description": "ProfileID is the sender's profile ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRuntimeProfile": { + "description": "ContainerRuntimeProfile represents the image runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "accountIDs": { + "description": "AccountIDs are the cloud account IDs associated with the container runtime profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "archived": { + "description": "Archive indicates whether this profile is archived.\n", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/components/schemas/runtime.ContainerCapabilities" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint is the image entrypoint.\n", + "type": "string" + }, + "events": { + "description": "Events are the last historical interactive process events for this profile, they are updated in a designated flow.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerHistoryEvent" + }, + "type": "array" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ProfileFilesystem" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "hostNetwork": { + "description": "HostNetwork whether the instance share the network namespace with the host.\n", + "type": "boolean" + }, + "hostPid": { + "description": "HostPid indicates whether the instance share the pid namespace with the host.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the image name that represents the image.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the profile's image ID.\n", + "type": "string" + }, + "infra": { + "description": "InfraContainer indicates this is an infrastructure container.\n", + "type": "boolean" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored profile.\n", + "type": "boolean" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the profile's label.\n", + "type": "string" + }, + "lastUpdate": { + "description": "Modified is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + }, + "learnedStartup": { + "description": "LearnedStartup indicates that startup events were learned.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ProfileNetwork" + }, + "os": { + "description": "OS is the profile image OS.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProfileProcesses" + }, + "relearningCause": { + "description": "RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after\nbeing activated.\n", + "type": "string" + }, + "remainingLearningDurationSec": { + "description": "RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.\n", + "format": "double", + "type": "number" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "shared.ContainerScanResult": { + "description": "ContainerScanResult contains the result of a scanning a container", + "properties": { + "_id": { + "description": "ID is the container ID.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the result was received by an agentless scanner.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are collections to which this container applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "hostname": { + "description": "Hostname is the hostname on which the container is deployed.\n", + "type": "string" + }, + "info": { + "$ref": "#/components/schemas/shared.ContainerInfo" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates if any runtime rule applies to the container.\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the container scan time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Coordinates": { + "description": "Coordinates represents a region coordinates type", + "properties": { + "latitude": { + "description": "Latitude coordinate.\n", + "format": "float", + "type": "number" + }, + "longitude": { + "description": "Longitude coordinate.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CustomComplianceCheck": { + "description": "CustomComplianceCheck represents a custom compliance check entry", + "properties": { + "_id": { + "description": "ID is the compliance check ID.\n", + "type": "integer" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the custom check script.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the custom check defined severity.\n", + "type": "string" + }, + "title": { + "description": "Title is the custom check title.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomIPFeed": { + "description": "CustomIPFeed represent the custom IP feed", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the custom ip feed.\n", + "type": "string" + }, + "feed": { + "$ref": "#/components/schemas/shared.IPs" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomLabelsSettings": { + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)", + "properties": { + "labels": { + "description": "Labels are the custom labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CustomMalwareFeed": { + "description": "CustomMalwareFeed represent the custom malware", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the feed.\n", + "type": "string" + }, + "feed": { + "description": "Feed is the list of custom malware signatures.\n", + "items": { + "$ref": "#/components/schemas/shared.Malware" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderInstallBundle": { + "description": "DefenderInstallBundle represents the install bundle for the defender", + "properties": { + "installBundle": { + "description": "InstallBundle is the base64 bundle of certificates used to communicate with the console.\n", + "type": "string" + }, + "wsAddress": { + "description": "WSAddress is the websocket address (console ) the TAS defender connects to.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderLicenseDetails": { + "description": "DefenderLicenseDetails represents a single defender license details", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "count": { + "description": "Count is the amount of licensed defenders.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.DockerNetworkInfo": { + "description": "DockerNetworkInfo contains network-related information about a container", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "networks": { + "description": "Networks are the networks the container is connected to.\n", + "items": { + "$ref": "#/components/schemas/shared.NetworkInfo" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the container network binding that are externally mapped.\n", + "items": { + "$ref": "#/components/schemas/shared.Port" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.EncodeServerlessRuleOpts": { + "description": "EncodeServerlessRuleOpts represents the arguments to serverless rule encoding request", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the remote console address.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the function.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "region": { + "description": "Region is the function's cloud provider region.\n", + "type": "string" + }, + "updateIntervalMs": { + "description": "UpdateIntervalMs is the interval between defender policy requests from the console in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.EncodedServerlessRule": { + "description": "EncodedServerlessRule represents a base64-encoded serverless rule", + "properties": { + "data": { + "description": "Data is a base64-encoded serverless runtime rule.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.EntityType": { + "description": "EntityType represents the type of the resource identifier", + "enum": [ + [ + "", + "docker", + "kubernetes", + "tas", + "istio", + "internet" + ] + ], + "type": "string" + }, + "shared.FileDetails": { + "description": "FileDetails contains file details as the file path, hash checksum", + "properties": { + "md5": { + "description": "Hash sum of the file using md5.\n", + "type": "string" + }, + "path": { + "description": "Path of the file.\n", + "type": "string" + }, + "sha1": { + "description": "Hash sum of the file using SHA-1.\n", + "type": "string" + }, + "sha256": { + "description": "Hash sum of the file using SHA256.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEvent": { + "description": "FileIntegrityEvent represents a single file integrity event detected according to the file integrity monitoring rules", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Description is a human readable description of the action performed on the path.\n", + "type": "string" + }, + "eventType": { + "$ref": "#/components/schemas/shared.FileIntegrityEventType" + }, + "fileType": { + "$ref": "#/components/schemas/runtime.FSFileType" + }, + "fqdn": { + "description": "FQDN is the current fully qualified domain name used in audit alerts.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/shared.FileMetadata" + }, + "path": { + "description": "Path is the absolute path of the event.\n", + "type": "string" + }, + "processName": { + "description": "ProcessName is the name of the process initiated the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing file integrity rules.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the user initiated the event.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEventType": { + "description": "FileIntegrityEventType represents the type of the file integrity event", + "enum": [ + [ + "metadata", + "read", + "write" + ] + ], + "type": "string" + }, + "shared.FileMetadata": { + "description": "FileMetadata represents the metadata of a single file/directory", + "properties": { + "gid": { + "description": "GID is the ID of the group that owns the file/directory.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the file/directory permission bits.\n", + "type": "integer" + }, + "uid": { + "description": "UID is the ID of the user that owns the file/directory.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ForensicSettings": { + "description": "ForensicSettings are settings for the forensic data collection", + "properties": { + "appEmbeddedDiskUsageMb": { + "description": "AppEmbeddedDiskUsageMb is the maximum amount of disk space used to\nstore the app embedded historical forensic events.\n", + "type": "integer" + }, + "collectNetworkFirewall": { + "description": "CollectNetworkFirewall indicates whether network firewall collection is enabled.\n", + "type": "boolean" + }, + "collectNetworkSnapshot": { + "description": "CollectNetworkSnapshot indicates whether network snapshot collection is enabled.\n", + "type": "boolean" + }, + "containerDiskUsageMb": { + "description": "ContainerDiskUsageMb is the maximum amount of disk space used to\nstore the container historical forensic events.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether host and container forensic data collection is enabled.\n", + "type": "boolean" + }, + "hostDiskUsageMb": { + "description": "HostDiskUsageMb is the maximum amount of disk space used to store\nthe host historical forensic events.\n", + "type": "integer" + }, + "incidentSnapshotsCap": { + "description": "IncidentSnapshotCap is the maximum amount of incident snapshots we store.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.GitlabRegistrySpec": { + "description": "GitlabRegistrySpec represents a specification for registry scanning in GitLab", + "properties": { + "apiDomainName": { + "description": ".\n", + "type": "string" + }, + "excludedGroupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "groupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "projectIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "userID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.GraceDaysPolicy": { + "description": "GraceDaysPolicy indicates the grace days policy by severity", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled is an indication whether the the grace days by severity is enabled.\n", + "type": "boolean" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostActivity": { + "description": "HostActivity holds information for a user activity", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "affectedServices": { + "description": "AffectedServices is the affected systemd service.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this host activity applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "Command is the original (with arguments) command the user invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname the activity originated from.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates that the target process was spawned in an interactive session.\n", + "type": "boolean" + }, + "modifiedFiles": { + "description": "ModifiedFiles is the related modified files.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "msg": { + "description": "Message contains additional non-structured information about the activity, e.g. throttling message.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule applied to the host activity.\n", + "type": "string" + }, + "service": { + "description": "Service is the owning systemd service.\n", + "type": "string" + }, + "time": { + "description": "Time is time of the activity.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.ActivityType" + }, + "user": { + "description": "Username of the user that triggered the activity.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecification": { + "description": "HostAutoDeploySpecification contains the information for host defender auto-deploy", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "bucketRegion": { + "description": "BucketRegion is the bucket region for Cloud Storage on GCP.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecifications": { + "description": "HostAutoDeploySpecifications is a list of host auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecification" + }, + "type": "array" + }, + "shared.HostInfo": { + "description": "HostInfo is a collection of information about the host and it's runtime state", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallProfileAudits": { + "description": "HostNetworkFirewallProfileAudits represents the host network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallSubtypeAudits": { + "description": "HostNetworkFirewallSubtypeAudits represents the host network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the host network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.HostAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostRadarIncomingConnection": { + "description": "HostRadarIncomingConnection is the incoming connection between two apps in two hosts", + "properties": { + "dstHost": { + "description": "DstHost is the src hostname.\n", + "type": "string" + }, + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHost": { + "description": "SrcHost is the src hostname.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.IPs": { + "description": "IPs represents a list of IPs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "shared.Image": { + "description": "Image represents a container image", + "properties": { + "created": { + "description": "Date/time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Combined entrypoint of the image (entrypoint + CMD).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "env": { + "description": "Image environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "healthcheck": { + "description": "Indicates if health checks are enabled (true) or not (false).\n", + "type": "boolean" + }, + "history": { + "description": "Holds the image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Image labels.\n", + "type": "object" + }, + "layers": { + "description": "Image filesystem layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "Image os type.\n", + "type": "string" + }, + "repoDigest": { + "description": "Image repo digests.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTags": { + "description": "Image repo tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "user": { + "description": "Image user.\n", + "type": "string" + }, + "workingDir": { + "description": "Base working directory of the image.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageHistory": { + "description": "ImageHistory represent a layer in the image's history", + "properties": { + "baseLayer": { + "description": "Indicates if this layer originated from the base image (true) or not (false).\n", + "type": "boolean" + }, + "created": { + "description": "Date/time when the image layer was created.\n", + "format": "int64", + "type": "integer" + }, + "emptyLayer": { + "description": "Indicates if this instruction didn't create a separate layer (true) or not (false).\n", + "type": "boolean" + }, + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "instruction": { + "description": "Docker file instruction and arguments used to create this layer.\n", + "type": "string" + }, + "sizeBytes": { + "description": "Size of the layer (in bytes).\n", + "format": "int64", + "type": "integer" + }, + "tags": { + "description": "Holds the image tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilities": { + "description": "Vulnerabilities which originated from this layer.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHost": { + "description": "ImageHost holds information about image scan result per host", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID the image is associated with.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the image was scanned as part of an agentless scan.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "appEmbedded": { + "description": "AppEmbedded indicates if the host is an app embedded host.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster on which the image is deployed.\n", + "type": "string" + }, + "csa": { + "description": "CSA indicates if the image was scanned by CSA.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified is the last scan time.\n", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces are the namespaces on which the image is deployed.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHosts": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ImageHost" + }, + "description": "ImageHosts is a fast index for image scan results metadata per host", + "type": "object" + }, + "shared.ImageInfo": { + "description": "ImageInfo contains image information collected during image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.ImageInstance": { + "description": "ImageInstance represents an image on a single host", + "properties": { + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repo": { + "description": ".\n", + "type": "string" + }, + "tag": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageScanResult": { + "description": "ImageScanResult holds the result of an image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.ImageTag": { + "description": "ImageTag represents an image repository and its associated tag or registry digest", + "properties": { + "digest": { + "description": "Image digest (requires V2 or later registry).\n", + "type": "string" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "registry": { + "description": "Registry name to which the image belongs.\n", + "type": "string" + }, + "repo": { + "description": "Repository name to which the image belongs.\n", + "type": "string" + }, + "tag": { + "description": "Image tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Incident": { + "description": "Incident represents an incident", + "properties": { + "_id": { + "description": "Internal ID of the incident.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "acknowledged": { + "description": "Indicates if the incident has been acknowledged (true) or not (false).\n", + "type": "boolean" + }, + "app": { + "description": "Application that caused the incident.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "audits": { + "description": "All runtime audits of the incident.\n", + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "cluster": { + "description": "Cluster on which the incident was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this incident applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerID": { + "description": "ID of the container that triggered the incident.\n", + "type": "string" + }, + "containerName": { + "description": "Unique container name.\n", + "type": "string" + }, + "customRuleName": { + "description": "Name of the custom runtime rule that triggered the incident.\n", + "type": "string" + }, + "fqdn": { + "description": "Current hostname's full domain name.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function that triggered the incident.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels associated with the container.\n", + "type": "object" + }, + "namespace": { + "description": "k8s deployment namespace.\n", + "type": "string" + }, + "profileID": { + "description": "Runtime profile ID.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region of the resource on which the incident was found.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource on which the incident was found.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime of the serverless function.\n", + "type": "string" + }, + "serialNum": { + "description": "Serial number of the incident.\n", + "type": "integer" + }, + "shouldCollect": { + "description": "Indicates if this incident should be collected (true) or not (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the incident (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.IncidentType" + }, + "vmID": { + "description": "Azure unique VM ID on which the incident was found.\n", + "type": "string" + }, + "windows": { + "description": "Windows indicates if defender OS type is Windows.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.IncidentCategory": { + "description": "IncidentCategory is the incident category", + "enum": [ + [ + "portScanning", + "hijackedProcess", + "dataExfiltration", + "kubernetes", + "backdoorAdministrativeAccount", + "backdoorSSHAccess", + "cryptoMiner", + "lateralMovement", + "bruteForce", + "customRule", + "alteredBinary", + "suspiciousBinary", + "executionFlowHijackAttempt", + "reverseShell", + "malware", + "cloudProvider" + ] + ], + "type": "string" + }, + "shared.IncidentType": { + "description": "IncidentType is the type of the incident", + "enum": [ + [ + "host", + "container", + "function", + "appEmbedded", + "fargate" + ] + ], + "type": "string" + }, + "shared.InstalledProducts": { + "description": "InstalledProducts contains data regarding products running in environment\nTODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange", + "properties": { + "agentless": { + "description": "Agentless indicates whether the scan was performed with agentless approach.\n", + "type": "boolean" + }, + "apache": { + "description": "Apache indicates the apache server version, empty in case apache not running.\n", + "type": "string" + }, + "awsCloud": { + "description": "AWSCloud indicates whether AWS cloud is used.\n", + "type": "boolean" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "crio": { + "description": "CRI indicates whether the container runtime is CRI (and not docker).\n", + "type": "boolean" + }, + "docker": { + "description": "Docker represents the docker daemon version.\n", + "type": "string" + }, + "dockerEnterprise": { + "description": "DockerEnterprise indicates whether the enterprise version of Docker is installed.\n", + "type": "boolean" + }, + "hasPackageManager": { + "description": "HasPackageManager indicates whether package manager is installed on the OS.\n", + "type": "boolean" + }, + "k8sApiServer": { + "description": "K8sAPIServer indicates whether a kubernetes API server is running.\n", + "type": "boolean" + }, + "k8sControllerManager": { + "description": "K8sControllerManager indicates whether a kubernetes controller manager is running.\n", + "type": "boolean" + }, + "k8sEtcd": { + "description": "K8sEtcd indicates whether etcd is running.\n", + "type": "boolean" + }, + "k8sFederationApiServer": { + "description": "K8sFederationAPIServer indicates whether a federation API server is running.\n", + "type": "boolean" + }, + "k8sFederationControllerManager": { + "description": "K8sFederationControllerManager indicates whether a federation controller manager is running.\n", + "type": "boolean" + }, + "k8sKubelet": { + "description": "K8sKubelet indicates whether kubelet is running.\n", + "type": "boolean" + }, + "k8sProxy": { + "description": "K8sProxy indicates whether a kubernetes proxy is running.\n", + "type": "boolean" + }, + "k8sScheduler": { + "description": "K8sScheduler indicates whether the kubernetes scheduler is running.\n", + "type": "boolean" + }, + "kubernetes": { + "description": "Kubernetes represents the kubernetes version.\n", + "type": "string" + }, + "managedClusterVersion": { + "description": "ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.\n", + "type": "string" + }, + "openshift": { + "description": "Openshift indicates whether openshift is deployed.\n", + "type": "boolean" + }, + "openshiftVersion": { + "description": "OpenshiftVersion represents the running openshift version.\n", + "type": "string" + }, + "osDistro": { + "description": "OSDistro specifies the os distribution.\n", + "type": "string" + }, + "serverless": { + "description": "Serverless indicates whether evaluated on a serverless environment.\n", + "type": "boolean" + }, + "swarmManager": { + "description": "SwarmManager indicates whether a swarm manager is running.\n", + "type": "boolean" + }, + "swarmNode": { + "description": "SwarmNode indicates whether the node is part of an active swarm.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.InternetConnections": { + "description": "InternetConnections represents the radar internet connections", + "properties": { + "incoming": { + "description": "Incoming is the incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + }, + "outgoing": { + "description": "Outgoing is the outgoing connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.JFrogRepoType": { + "description": "JFrogRepoType represents the type of JFrog Artifactory repository", + "enum": [ + [ + "local", + "remote", + "virtual" + ] + ], + "type": "string" + }, + "shared.KeyValues": { + "description": "KeyValues is a generic key values struct", + "properties": { + "key": { + "description": ".\n", + "type": "string" + }, + "values": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeClusterRole": { + "description": "KubeClusterRole is a compact version of Kubernetes ClusterRole\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#clusterrole-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the kubernetes role name.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the policy rules associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubeLabel": { + "description": "KubeLabel represents a label\nThese are stored as an array to allow special characters in key names,\nsee https://docs.mongodb.com/manual/reference/limits/#Restrictions-on-Field-Names\nFor example: kubernetes.io/bootstrapping", + "properties": { + "key": { + "description": "Key is the key of the label.\n", + "type": "string" + }, + "value": { + "description": "Value is the value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubePolicyRule": { + "description": "KubePolicyRule is a compact version of Kubernetes PolicyRule\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#policyrule-v1-rbac-authorization-k8s-io", + "properties": { + "apiGroups": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resourceNames": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resources": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "verbs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeRole": { + "description": "KubeRole is a compact version of Kubernetes Role\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#role-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the role.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the list of rules associated with the cluster role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.LambdaRuntimeType": { + "description": "LambdaRuntimeType represents the runtime type of the serverless function\nThe constants used are taken from: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime", + "enum": [ + [ + "python", + "python3.6", + "python3.7", + "python3.8", + "python3.9", + "python3.10", + "python3.11", + "python3.12", + "nodejs", + "nodejs12.x", + "nodejs14.x", + "nodejs16.x", + "nodejs18.x", + "nodejs20.x", + "dotnet", + "dotnetcore2.1", + "dotnetcore3.1", + "dotnet6", + "java", + "java8", + "java11", + "java17", + "java21", + "ruby", + "ruby2.7" + ] + ], + "type": "string" + }, + "shared.License": { + "description": "License represent the customer license", + "properties": { + "access_token": { + "description": "AccessToken is the customer access token.\n", + "type": "string" + }, + "contract_id": { + "description": "ContractID is the customer contract ID.\n", + "type": "string" + }, + "contract_type": { + "$ref": "#/components/schemas/shared.LicenseContractType" + }, + "credits": { + "description": "Credits the total amount of credits purchased by the customer.\n", + "type": "integer" + }, + "customer_id": { + "description": "CustomerID is the customer ID.\n", + "type": "string" + }, + "defender_details": { + "description": "DefenderDetails represents the defenders license details.\n", + "items": { + "$ref": "#/components/schemas/shared.DefenderLicenseDetails" + }, + "type": "array" + }, + "defenders": { + "description": "Deprecated: Defenders is the maximum number of defender allowed in this license. Use DefenderDetails field instead.\n", + "type": "integer" + }, + "expiration_date": { + "description": "ExpirationDate is the license expiration date.\n", + "format": "date-time", + "type": "string" + }, + "issue_date": { + "description": "IssueDate is the license issue date.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.LicenseTier" + }, + "workloads": { + "description": "Deprecated: Workloads is the number of workloads per license kept for backward compatibility. Use Credits instead.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.LicenseConfig": { + "description": "LicenseConfig is the compliance policy license configuration", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "critical": { + "description": "Critical is the list of licenses with critical severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "high": { + "description": "High is the list of licenses with high severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "low": { + "description": "Low is the list of licenses with low severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "medium": { + "description": "Medium is the list of licenses with medium severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.LicenseContractType": { + "description": "LicenseContractType is the license contract type", + "enum": [ + [ + "", + "host", + "avg", + "burndown" + ] + ], + "type": "string" + }, + "shared.LicenseThreshold": { + "description": "LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block)\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enabled indicates that the action is enabled.\n", + "type": "boolean" + }, + "value": { + "description": "Value is the minimum severity score for which the action is enabled.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.LicenseTier": { + "description": "LicenseTier represents the license tier of the customer", + "enum": [ + [ + "", + "developer", + "enterprise", + "evaluation", + "oem" + ] + ], + "type": "string" + }, + "shared.LogInspectionEvent": { + "description": "LogInspectionEvent is a log inspection event detected according to the log inspection rules", + "properties": { + "_id": { + "description": "ID is event's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "line": { + "description": "Line is the matching log line.\n", + "type": "string" + }, + "logfile": { + "description": "Logfile is the log file which triggered the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing log inspection events.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.LoggerSetting": { + "description": "LoggerSetting are a specific logger settings", + "properties": { + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.LoggingSettings": { + "description": "LoggingSettings are the logging settings", + "properties": { + "consoleAddress": { + "description": "ConsoleAddress is the console address used by the admin to access the console, used for creating links for runtime events.\n", + "type": "string" + }, + "enableMetricsCollection": { + "description": "EnableMetricsCollection indicates whether metric collections feature is enabled.\n", + "type": "boolean" + }, + "includeRuntimeLink": { + "description": "IncludeRuntimeLink indicates whether link to forensic event should be included in the output.\n", + "type": "boolean" + }, + "stdout": { + "$ref": "#/components/schemas/shared.LoggerSetting" + }, + "syslog": { + "$ref": "#/components/schemas/shared.SyslogSettings" + } + }, + "type": "object" + }, + "shared.Malware": { + "description": "Malware is an executable and its md5", + "properties": { + "allowed": { + "description": "Allowed indicates if this signature is on the allowed list.\n", + "type": "boolean" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": "Modified is the time the malware was added to the DB.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtAudit": { + "description": "MgmtAudit represents a management audit in the system", + "properties": { + "api": { + "description": "API is the api used in the audit process.\n", + "type": "string" + }, + "diff": { + "description": "Diff is the diff between old and new values.\n", + "type": "string" + }, + "failure": { + "description": "Failure states whether the request failed or not.\n", + "type": "boolean" + }, + "sourceIP": { + "description": "SourceIP is the request's source IP.\n", + "type": "string" + }, + "status": { + "description": "Status is the request's response status.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the request.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.MgmtType" + }, + "username": { + "description": "Username is the username of the user who performed the action.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtType": { + "description": "MgmtType represents management audit types", + "enum": [ + [ + "login", + "profile", + "settings", + "rule", + "user", + "group", + "credential", + "tag", + "role", + "pairing" + ] + ], + "type": "string" + }, + "shared.NetworkInfo": { + "description": "NetworkInfo contains data about a container regarding a specific network", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "name": { + "description": "Name is the network name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.NodeJSModuleType": { + "description": "NodeJSModuleType is the type of a NodeJS module", + "enum": [ + [ + "commonjs", + "ecmascript" + ] + ], + "type": "string" + }, + "shared.Package": { + "description": "Package stores relevant package information", + "properties": { + "author": { + "description": "Author is the package's author.\n", + "type": "string" + }, + "binaryIdx": { + "description": "Indexes of the top binaries which use the package.\n", + "items": { + "$ref": "#/components/schemas/int16" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary packages (packages which are built on the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cveCount": { + "description": "Total number of CVEs for this specific package.\n", + "type": "integer" + }, + "defaultGem": { + "description": "DefaultGem indicates this is a gem default package (and not a bundled package).\n", + "type": "boolean" + }, + "fileInfos": { + "description": "FileInfos are info for all package files, containing info on file path, hash and size, not saved in the scan result.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "files": { + "description": "List of package-related files and their hashes. Only included when the appropriate scan option is set.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "fullPkgPath": { + "description": "FullPkgPath is populated for all non-distro packages and represents the pkg path.\n", + "type": "string" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "goPkg": { + "description": "GoPkg indicates this is a Go package (and not module).\n", + "type": "boolean" + }, + "jarIdentifier": { + "description": "JarIdentifier holds an additional identification detail of a JAR package.\n", + "type": "string" + }, + "layerTime": { + "description": "Image layer to which the package belongs (layer creation time).\n", + "format": "int64", + "type": "integer" + }, + "license": { + "description": "License information for the package.\n", + "type": "string" + }, + "name": { + "description": "Name of the package.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the third-party origin package.\n", + "type": "string" + }, + "osPackage": { + "description": "OSPackage indicates that a python/java package was installed as an OS package.\n", + "type": "boolean" + }, + "path": { + "description": "Full package path (e.g., JAR or Node.js package path).\n", + "type": "string" + }, + "purl": { + "description": "PURL is a package URL identifier for this package.\n", + "type": "string" + }, + "securityRepoPkg": { + "description": "SecurityRepoPkg determines if this package is available in a security repository.\n", + "type": "boolean" + }, + "symbols": { + "description": "Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Package version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Packages": { + "description": "Packages is a collection of packages", + "properties": { + "pkgs": { + "description": "List of packages.\n", + "items": { + "$ref": "#/components/schemas/shared.Package" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgTypeThreshold": { + "description": "PkgTypeThreshold represents specific vulnerability alert and block thresholds for a package type", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgsTimes": { + "description": "PkgsTimes are the compressed layer times for pkgs of the specific type", + "properties": { + "pkgTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.Policy": { + "description": "Policy represents a policy that should be enforced by the Auditor", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "rules": { + "description": "Rules holds all policy rules.\n", + "items": { + "$ref": "#/components/schemas/shared.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.PolicyRule": { + "description": "PolicyRule is a single rule in the policy", + "properties": { + "action": { + "description": "Action to take.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "allCompliance": { + "description": "Reports the results of all compliance checks (both passed and failed) (true).\n", + "type": "boolean" + }, + "auditAllowed": { + "description": "Specifies if Prisma Cloud audits successful transactions.\n", + "type": "boolean" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "condition": { + "$ref": "#/components/schemas/shared.Conditions" + }, + "createPR": { + "description": "CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).\n", + "type": "boolean" + }, + "cveRules": { + "description": "List of CVE IDs classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.CVERule" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "excludeBaseImageVulns": { + "description": "ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.\n", + "type": "boolean" + }, + "graceDays": { + "description": "Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.\n", + "type": "integer" + }, + "graceDaysPolicy": { + "$ref": "#/components/schemas/shared.GraceDaysPolicy" + }, + "group": { + "description": "Applicable groups.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "license": { + "$ref": "#/components/schemas/shared.LicenseConfig" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "onlyFixed": { + "description": "Applies rule only when vendor fixes are available (true).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pkgTypesThresholds": { + "description": "PkgTypesThresholds holds package type specific alert and block thresholds.\n", + "items": { + "$ref": "#/components/schemas/shared.PkgTypeThreshold" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "principal": { + "description": "Applicable users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactorsEffects": { + "description": "RiskFactorsEffects indicates the effect (alert/block) of each risk factor.\n", + "items": { + "$ref": "#/components/schemas/shared.RiskFactorEffect" + }, + "type": "array" + }, + "tags": { + "description": "List of tags classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.TagRule" + }, + "type": "array" + }, + "verbose": { + "description": "Displays a detailed message when an operation is blocked (true).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.Port": { + "description": "Port is a container port", + "properties": { + "containerPort": { + "description": "ContainerPort is the mapped port inside the container.\n", + "type": "string" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "hostPort": { + "description": "HostPort is the host port.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ProfileKubernetesData": { + "description": "ProfileKubernetesData holds Kubernetes data", + "properties": { + "clusterRoles": { + "description": "ClusterRoles are the cluster roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeClusterRole" + }, + "type": "array" + }, + "roles": { + "description": "Roles are the roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeRole" + }, + "type": "array" + }, + "serviceAccount": { + "description": "ServiceAccount is the service account used to access Kubernetes apiserver\nThis field will be empty if the container is not running inside of a Pod.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Progress": { + "description": "Progress displays the scan progress", + "properties": { + "aisInitialScanInProgress": { + "description": "AISInitialScanInProgress indicates whether agentless next-gen first scheduled scan is in progress.\n", + "type": "boolean" + }, + "aisOnDemandScanInProgress": { + "description": "AISOnDemandScanInProgress indicates whether agentless next-gen on demand scan is in progress.\n", + "type": "boolean" + }, + "discovery": { + "description": "Discovery indicates whether the scan is in discovery phase.\n", + "type": "boolean" + }, + "error": { + "description": "Error is the error that happened during scan.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname for which the progress apply.\n", + "type": "string" + }, + "id": { + "description": "ID is the ID of the entity being scanned.\n", + "type": "string" + }, + "onDemand": { + "description": "OnDemand indicates whether the scan was triggered by the user or not (scheduled scan).\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the time of scan.\n", + "format": "date-time", + "type": "string" + }, + "scanned": { + "description": "Scanned is the number of entities for which the scan completed.\n", + "type": "integer" + }, + "title": { + "description": "Title is the progress title (set by the scanning process).\n", + "type": "string" + }, + "total": { + "description": "Total is the total amount of entities that should be scanned.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + } + }, + "type": "object" + }, + "shared.RegionData": { + "description": "RegionData contains data regarding a region", + "properties": { + "coordinates": { + "$ref": "#/components/schemas/shared.Coordinates" + }, + "name": { + "description": "Name is the region display name.\n", + "type": "string" + }, + "region": { + "description": "Region is the region code name.\n", + "type": "string" + }, + "regionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "supportedServices": { + "description": "SupportedServices is a list of cloud service types the region supports.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.RegionDataByCloudProvider": { + "additionalProperties": { + "$ref": "#/components/schemas/-_shared.RegionData" + }, + "description": "RegionDataByCloudProvider represents the region data per cloud provider", + "type": "object" + }, + "shared.RegionType": { + "description": "RegionType specifies the region type that runs the Amazon services", + "enum": [ + [ + "regular", + "gov", + "china", + "all" + ] + ], + "type": "string" + }, + "shared.RegistryOSType": { + "description": "RegistryOSType specifies the registry images base OS type", + "enum": [ + [ + "linux", + "linuxARM64", + "windows" + ] + ], + "type": "string" + }, + "shared.RegistryScanProgress": { + "description": "RegistryScanProgress represents the registry scan progress", + "properties": { + "discovery": { + "$ref": "#/components/schemas/shared.Progress" + }, + "imageScan": { + "$ref": "#/components/schemas/shared.Progress" + }, + "isScanOngoing": { + "description": "IsScanOngoing indicates if a scan is currently ongoing.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RegistryScanRequest": { + "description": "RegistryScanRequest represents a registry scan request", + "properties": { + "onDemandScan": { + "description": "OnDemandScan indicates whether to handle request using the on-demand scanner.\n", + "type": "boolean" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "settings": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "tag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": { + "description": "Type indicates the type of the scan request.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.RegistrySettings": { + "description": "RegistrySettings contains each registry's unique settings", + "properties": { + "harborScannerUrlSuffix": { + "description": "Relative path to the Harbor scanner endpoint.\n", + "type": "string" + }, + "specifications": { + "description": "Information for connecting to the registries to be scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Relative path to the webhook HTTP endpoint.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistrySpecification": { + "description": "RegistrySpecification contains information for connecting to local/remote registry", + "properties": { + "azureCloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "caCert": { + "description": "CACert is the Certificate Authority that signed the registry certificate.\n", + "type": "string" + }, + "cap": { + "description": "Specifies the maximum number of images from each repo to fetch and scan, sorted by most recently modified.\n", + "type": "integer" + }, + "collections": { + "description": "Specifies the set of Defenders in-scope for working on a scan job.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the registry.\n", + "type": "string" + }, + "excludedRepositories": { + "description": "Repositories to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "excludedTags": { + "description": "Tags to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gitlabRegistrySpec": { + "$ref": "#/components/schemas/shared.GitlabRegistrySpec" + }, + "harborDeploymentSecurity": { + "description": "Indicates whether the Prisma Cloud plugin uses temporary tokens provided by Harbor to scan images in projects where Harbor's deployment security setting is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID is a unique identifier of the registry spec.\n", + "type": "string" + }, + "jfrogRepoTypes": { + "description": "JFrog Artifactory repository types to scan.\n", + "items": { + "$ref": "#/components/schemas/shared.JFrogRepoType" + }, + "type": "array" + }, + "lastScanStatus": { + "description": "LastScanStatus is the last scan status. we keep both LastScanStatus and ScanStatus in order to not lose the latest scan status when a scan starts.\n", + "type": "string" + }, + "lastScanTime": { + "description": "LastScanTime specifies the last time a scan was completed.\n", + "format": "date-time", + "type": "string" + }, + "namespace": { + "description": "IBM Bluemix namespace https://console.bluemix.net/docs/services/Registry/registry_overview.html#registry_planning.\n", + "type": "string" + }, + "os": { + "$ref": "#/components/schemas/shared.RegistryOSType" + }, + "registry": { + "description": "Registry address (e.g., https://gcr.io).\n", + "type": "string" + }, + "repository": { + "description": "Repositories to scan.\n", + "type": "string" + }, + "scanError": { + "description": "ScanError is the error received while scanning the specification.\n", + "type": "string" + }, + "scanStatus": { + "description": "ScanStatus is the scan status that's updated dynamically during the scan, when the scan finishes - its value is passed to the LastScanStatus field in the DB.\n", + "type": "string" + }, + "scanTime": { + "description": "ScanTime specifies the time a scan was started.\n", + "format": "date-time", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "tag": { + "description": "Tags to scan.\n", + "type": "string" + }, + "version": { + "description": "Registry type. Determines the protocol Prisma Cloud uses to communicate with the registry.\n", + "type": "string" + }, + "versionPattern": { + "description": "Pattern heuristic for quickly filtering images by tags without having to query all images for modification dates.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RiskFactorEffect": { + "description": "RiskFactorEffect represents the effect which is applied by a risk factor", + "properties": { + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "riskFactor": { + "$ref": "#/components/schemas/vulnerability.RiskFactor" + } + }, + "type": "object" + }, + "shared.RuntimeAttackType": { + "description": "RuntimeAttackType is the sub-category of the attack (e.g., malware process, process not in model, etc...)", + "enum": [ + [ + "", + "cloudMetadataProbing", + "kubeletAPIAccess", + "kubeletReadonlyAccess", + "kubectlSpawned", + "kubectlDownloaded", + "horizontalPortScanning", + "verticalPortScanning", + "explicitlyDeniedIP", + "customFeedIP", + "feedIP", + "unexpectedOutboundPort", + "suspiciousNetworkActivity", + "unexpectedListeningPort", + "explicitlyDeniedListeningPort", + "explicitlyDeniedOutboundPort", + "listeningPortModifiedProcess", + "outboundPortModifiedProcess", + "feedDNS", + "explicitlyDeniedDNS", + "dnsQuery", + "unexpectedProcess", + "portScanProcess", + "malwareProcessCustom", + "malwareProcessFeed", + "explicitlyDeniedProcess", + "modifiedProcess", + "cryptoMinerProcess", + "lateralMovementProcess", + "tmpfsProcess", + "policyHijacked", + "reverseShell", + "suidBinaries", + "unknownOriginBinary", + "webShell", + "administrativeAccount", + "encryptedBinary", + "sshAccess", + "explicitlyDeniedFile", + "malwareFileCustom", + "malwareFileFeed", + "execFileAccess", + "elfFileAccess", + "secretFileAccess", + "regFileAccess", + "wildfireMalware", + "unknownOriginBinary", + "webShell", + "fileIntegrity", + "alteredBinary", + "malwareDownloaded", + "suspiciousELFHeader", + "executionFlowHijackAttempt", + "customRule" + ] + ], + "type": "string" + }, + "shared.RuntimeAudit": { + "description": "RuntimeAudit represents a runtime audit event (fires when a runtime policy is violated)", + "properties": { + "_id": { + "description": "Internal ID (used for in-place updates).\n", + "type": "string" + }, + "accountID": { + "description": "ID of the cloud account where the audit was generated.\n", + "type": "string" + }, + "app": { + "description": "Name of the service which violated the host policy.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "attackType": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "cluster": { + "description": "Cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "ScrubbedCommand is the command executed by the process with scrubbed PII.\n", + "type": "string" + }, + "container": { + "description": "Indicates if this is a container audit (true) or host audit (false).\n", + "type": "boolean" + }, + "containerId": { + "description": "ID of the container that violates the rule.\n", + "type": "string" + }, + "containerName": { + "description": "Container name.\n", + "type": "string" + }, + "count": { + "description": "Attack type audits count.\n", + "type": "integer" + }, + "country": { + "description": "Outbound country for outgoing network audits.\n", + "type": "string" + }, + "domain": { + "description": "Domain is the requested domain.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "err": { + "description": "Unknown error in the audit process.\n", + "type": "string" + }, + "filepath": { + "description": "Filepath is the path of the modified file.\n", + "type": "string" + }, + "fqdn": { + "description": "Current full domain name used in audit alerts.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageId": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "interactive": { + "description": "Indicates if the audit was triggered from a process that was spawned in interactive mode (e.g., docker exec ...) (true) or not (false).\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the connection destination IP address.\n", + "type": "string" + }, + "label": { + "description": "Container deployment label.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels which augment the audit data.\n", + "type": "object" + }, + "md5": { + "description": "MD5 is the MD5 of the modified file (only for executables.\n", + "type": "string" + }, + "msg": { + "description": "Blocking message text.\n", + "type": "string" + }, + "namespace": { + "description": "K8s deployment namespace.\n", + "type": "string" + }, + "os": { + "description": "Operating system distribution.\n", + "type": "string" + }, + "pid": { + "description": "ID of the process that caused the audit event.\n", + "type": "integer" + }, + "port": { + "description": "Port is the connection destination port.\n", + "type": "integer" + }, + "processPath": { + "description": "Path of the process that caused the audit event.\n", + "type": "string" + }, + "profileId": { + "description": "Profile ID of the audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "Unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region of the resource where the audit was generated.\n", + "type": "string" + }, + "requestID": { + "description": "ID of the lambda function invocation request.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource where the audit was generated.\n", + "type": "string" + }, + "ruleName": { + "description": "Name of the rule that was applied, if blocked.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "severity": { + "$ref": "#/components/schemas/shared.RuntimeSeverity" + }, + "time": { + "description": "Time of the audit event (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.RuntimeType" + }, + "user": { + "description": "Service user.\n", + "type": "string" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique VM ID where the audit was generated.\n", + "type": "string" + }, + "wildFireReportURL": { + "description": "WildFireReportURL is a URL link of the report generated by wildFire.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RuntimeProfileState": { + "description": "RuntimeProfileState represents the state of an image profile", + "enum": [ + [ + "learning", + "dryRun", + "learningExtended", + "manualLearning", + "manualRelearning", + "active", + "manualActive" + ] + ], + "type": "string" + }, + "shared.RuntimeSecretScrubbingSettings": { + "description": "RuntimeSecretScrubbingSettings holds the runtime secret scrubbing settings", + "properties": { + "customSpecs": { + "description": "CustomSpecs is a collection of generic sensitive data masking patterns.\n", + "items": { + "$ref": "#/components/schemas/runtime.SecretScrubbingSpec" + }, + "type": "array" + }, + "skipDefault": { + "description": "SkipDefault indicates whether default secret scrubbing should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RuntimeSeverity": { + "description": "RuntimeSeverity represents the runtime severity", + "enum": [ + [ + "low", + "medium", + "high" + ] + ], + "type": "string" + }, + "shared.RuntimeType": { + "description": "RuntimeType represents the runtime protection type", + "enum": [ + [ + "processes", + "network", + "kubernetes", + "filesystem" + ] + ], + "type": "string" + }, + "shared.ScanErrorInfo": { + "description": "ScanErrorInfo holds information about the errors that occurred during the scan", + "properties": { + "category": { + "description": "Category is the category of error.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "error": { + "description": "Error holds the full error string.\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides more information about error and suggestions for possible fixes.\n", + "type": "string" + }, + "score": { + "description": "Score is a rating of how relevant the error is to the customer.\n", + "type": "integer" + }, + "source": { + "description": "Source is details on where the error occurred.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ScanResultType": { + "description": "ScanResultType represents a cloud scan result type", + "enum": [ + [ + "aws-ecr", + "aws-lambda", + "aws-ec2", + "aws-eks", + "aws-ecs", + "aws-s3", + "aws-config", + "aws-cloud-trail", + "aws-kms", + "aws-cloud-watch", + "aws-sns", + "aws-security-hub", + "aws-secrets-manager", + "aws-parameter-store", + "azure-acr", + "azure-functions", + "azure-aks", + "azure-aci", + "azure-vm", + "gcp-gcr", + "gcp-gcf", + "gcp-gke", + "gcp-vm", + "gcp-artifact", + "oci-instance" + ] + ], + "type": "string" + }, + "shared.ScanSettings": { + "description": "ScanSettings are global settings for image/host/container and registry scanning", + "properties": { + "agentlessScanPeriodMs": { + "description": "AgentlessScanPeriodMS is the agentless scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "cloudPlatformsScanPeriodMs": { + "description": "CloudPlatformsScanPeriodMS is the cloud platforms scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "containersScanPeriodMs": { + "description": "ContainersScanPeriodMS is the container scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "extractArchive": { + "description": "ExtractArchive indicates whether to search within archive during scan is enabled.\n", + "type": "boolean" + }, + "imagesScanPeriodMs": { + "description": "ImageScanPeriodMS is the image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "includeJsDependencies": { + "description": "IncludeJsDependencies indicates whether to include packages from the \"dependencies\".\n", + "type": "boolean" + }, + "registryScanPeriodMs": { + "description": "RegistryScanPeriodMS is the registry scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "registryScanRetentionDays": { + "description": "RegistryScanRetentionDays is the number of days to keep deleted registry images.\n", + "type": "integer" + }, + "scanRunningImages": { + "description": "ScanRunningImages indicates only images that are used by containers should be used.\n", + "type": "boolean" + }, + "serverlessScanPeriodMs": { + "description": "ServerlessScanPeriodMS is the serverless vulnerability scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "showInfraContainers": { + "description": "ShowInfraContainers indicates infra containers should be shown.\n", + "type": "boolean" + }, + "showNegligibleVulnerabilities": { + "description": "ShowNegligibleVulnerabilities indicates whether to display negligible vulnerabilities (low severity or will not be fixed).\n", + "type": "boolean" + }, + "systemScanPeriodMs": { + "description": "SystemScanPeriodMS is the host scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "tasDropletsScanPeriodMs": { + "description": "TASDropletsScanPeriodMS is the TAS scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "vmScanPeriodMs": { + "description": "VMScanPeriodMS is the VM image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ScanType": { + "description": "ScanType displays the components for an ongoing scan", + "enum": [ + [ + "image", + "ciImage", + "container", + "host", + "agentlessHost", + "registry", + "serverlessScan", + "ciServerless", + "vm", + "tas", + "ciTas", + "cloudDiscovery", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy", + "codeRepo", + "ciCodeRepo" + ] + ], + "type": "string" + }, + "shared.SecretStoreType": { + "description": "SecretStoreType is the secrets store type", + "enum": [ + [ + "hashicorp", + "hashicorp010", + "cyberark", + "awsParameterStore", + "awsSecretsManager", + "azure" + ] + ], + "type": "string" + }, + "shared.SecretsInjectionType": { + "description": "SecretsInjectionType is the method used to inject secrets to containers", + "enum": [ + [ + "envvar", + "filesystem" + ] + ], + "type": "string" + }, + "shared.SecretsPolicy": { + "description": "SecretsPolicy defines policy for distribution of secrets to containers", + "properties": { + "_id": { + "description": "ID is the internal secret policy id.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of secret injection rules.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.SecretsRule": { + "description": "SecretsRule defines distribution of secrets to containers", + "properties": { + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "injection": { + "$ref": "#/components/schemas/shared.SecretsInjectionType" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readAllPerm": { + "description": "ReadAllPerm indicates whether file permissions of injected secrets allow read by root only or by all users.\n", + "type": "boolean" + }, + "secrets": { + "description": "Secrets are the encrypted secrets to inject.\n", + "items": { + "$ref": "#/components/schemas/shared.VaultSecret" + }, + "type": "array" + }, + "targetDir": { + "description": "TargetDir is the target directory to inject secret files to if we choose filesystem injection.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStore": { + "description": "SecretsStore represents a secret storage entity", + "properties": { + "appID": { + "description": "AppID is the twistlock application id, as set in Cyberark store.\n", + "type": "string" + }, + "caCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "clientCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "credentialId": { + "description": "CredentialID is the authentication credential id.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret store defined by the user.\n", + "type": "string" + }, + "region": { + "description": "Region is the secrets store's region.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.SecretStoreType" + }, + "url": { + "description": "URL is the secrets store's endpoint point.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStores": { + "description": "SecretsStores are settings for connecting with secrets storage vaults", + "properties": { + "refreshPeriodHours": { + "description": "RefreshPeriodHours is the secret stores refresh time in hours.\n", + "type": "integer" + }, + "secretsStores": { + "description": "Stores is the list of stores to fetch secrets from.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsStore" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecification": { + "description": "ServerlessAutoDeploySpecification contains the information for auto-deploying serverless functions protection", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleAddr": { + "description": "ConsoleAddr represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "runtimes": { + "description": "Runtimes is the list of runtimes to which the spec applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecifications": { + "description": "ServerlessAutoDeploySpecifications is a list of serverless auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecification" + }, + "type": "array" + }, + "shared.ServerlessBundleRequest": { + "description": "ServerlessBundleRequest represents the arguments to serverless bundle request", + "properties": { + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessLayerBundleRequest": { + "description": "ServerlessLayerBundleRequest represents the arguments to a serverless layer bundle request", + "properties": { + "nodeJSModuleType": { + "$ref": "#/components/schemas/shared.NodeJSModuleType" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessScanSpecification": { + "description": "ServerlessScanSpecification describes how to connect to a serverless provider", + "properties": { + "cap": { + "description": "Specifies the maximum number of functions to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether serverless scanning is enabled.\n", + "type": "boolean" + }, + "scanAllVersions": { + "description": "Specifies whether to scan all image versions. If set to false, scans only $LATEST. Default: false.\n", + "type": "boolean" + }, + "scanLayers": { + "description": "Specifies whether to scan a function's layers. Default: true.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.SubnetConnections": { + "description": "SubnetConnections holds the entity incoming and outgoing connections from/to subnets", + "properties": { + "incoming": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Incoming holds connection from radar entity to subnet.\n", + "type": "object" + }, + "outgoing": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Outgoing holds connection from subnet to radar entity.\n", + "type": "object" + } + }, + "type": "object" + }, + "shared.SyslogSettings": { + "description": "SyslogSettings are the syslog settings", + "properties": { + "addr": { + "description": "Addr is the remote address for sending events.\n", + "type": "string" + }, + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "cert": { + "description": "Cert is the server cert for dialing TLS syslogger.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID represents the user's custom identifier string.\n", + "type": "string" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TASDropletSpecification": { + "description": "TASDropletSpecification specify which droplets to scan", + "properties": { + "cap": { + "description": "Cap indicates only the last k images should be fetched.\n", + "type": "integer" + }, + "cloudControllerAddress": { + "description": "CloudControllerAddress is the address of the local cloud controller in TAS env.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname of the defender that is used as the blobstore scanner.\n", + "type": "string" + }, + "pattern": { + "description": "Name is the droplet name.\n", + "type": "string" + }, + "remote": { + "description": "Remote indicates whether the blobstore is remote or local.\n", + "type": "boolean" + }, + "remoteConfig": { + "$ref": "#/components/schemas/shared.TASRemoteBlobstoreConfig" + } + }, + "type": "object" + }, + "shared.TASRemoteBlobstoreConfig": { + "description": "TASRemoteBlobstoreConfig contains remote blobstore details", + "properties": { + "blobstoreAddress": { + "description": "BlobstoreAddress is the address of the remote cloud controller.\n", + "type": "string" + }, + "cACert": { + "description": "CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.\n", + "type": "string" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.\n", + "type": "string" + }, + "foundation": { + "description": " Foundation is the name of TAS foundation.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Tag": { + "description": "Tag represents a single tag", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "description": { + "description": "Description is the tag description.\n", + "type": "string" + }, + "name": { + "description": "Name is the tag name.\n", + "type": "string" + }, + "vulns": { + "description": "Vulns are the tagged vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TagRule": { + "description": "TagRule is a tag rule for specific vulnerabilities", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "name": { + "description": "Tag name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.TagVulnMetadata": { + "description": "TagVulnMetadata contains the tag vulnerability metadata", + "properties": { + "checkBaseLayer": { + "description": "(Applies only to the resource type 'image') Checks whether the base layer in an image is the resource image.\n", + "type": "boolean" + }, + "comment": { + "description": "Adds a comment.\n", + "type": "string" + }, + "id": { + "description": "Specifies the Common Vulnerability and Exposures (CVE) ID.\n", + "type": "string" + }, + "packageName": { + "description": "Specifies the source or the binary package name where the vulnerability is found.\nUse the source package name for tagging if only source package exists.\nUse the wildcard `*` for tagging all the packages.\n", + "type": "string" + }, + "resourceType": { + "$ref": "#/components/schemas/vuln.TagType" + }, + "resources": { + "description": "(Required when you define the resource type) Specifies the resources for tagging where the vulnerability is found. Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TrustAudit": { + "description": "TrustAudit represents a trust audit", + "properties": { + "_id": { + "description": "ID is the registry-repo of the created container.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster where the audit was generated.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of times this audit occurred.\n", + "type": "integer" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "imageID": { + "description": "ImageID is the container image id.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ruleName": { + "description": "If blocked, contains the name of the rule that was applied.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.TrustAudits": { + "description": "TrustAudits represents the trust profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.TrustRegistryRepoAudits" + }, + "description": "Audits is a map from trust status (audits are only for untrusted type) to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustRegistryRepoAudits": { + "description": "TrustRegistryRepoAudits represents the trust registry/repo audits per profile", + "properties": { + "audits": { + "description": "Audits are the trust audits associated with the registry/repo, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustedCertSettings": { + "description": "TrustedCertSettings are settings for trusted certs", + "properties": { + "certs": { + "description": "Certs are the list of trusted certificates to use in access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether to check the certificate revocation.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether the trusted certificate feature is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TrustedCertSignature": { + "description": "TrustedCertSignature represents a trusted cert settings", + "properties": { + "cn": { + "description": "CN is the certificate common name.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is the certificate issuer.\n", + "type": "string" + }, + "notAfter1": { + "description": "NotAfter is the certificate expiration time\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "notBefore1": { + "description": "NotBefore is the minimum time for which the cert is valid\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "raw": { + "description": "Raw is the raw certificate (in PEM format).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.UploadScanResult": { + "description": "UploadScanResult is the result uploading the scanning result", + "properties": { + "scanId": { + "description": "ID is the scan result ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.User": { + "description": "User represents a local user in Twistlock", + "properties": { + "username": { + "description": "Name of a user.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecification": { + "description": "VMSpecification contains information for setting up and connecting to the image", + "properties": { + "cap": { + "description": "Specifies the maximum number of images to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "consoleAddr": { + "description": "Network-accessible address that Defender can use to publish scan results to Console.\n", + "type": "string" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the cloud provider.\n", + "type": "string" + }, + "enableSecureBoot": { + "description": "EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).\n", + "type": "boolean" + }, + "excludedImages": { + "description": "Images to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gcpProjectID": { + "description": "GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).\n", + "type": "string" + }, + "imageType": { + "$ref": "#/components/schemas/common.ImageType" + }, + "images": { + "description": "The names of images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is \"m4.large\".\n", + "type": "string" + }, + "labels": { + "description": "The labels to use to target images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "region": { + "description": "Cloud provider region.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "subnetID": { + "description": "SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.\n", + "type": "string" + }, + "vpcID": { + "description": "VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.\n", + "type": "string" + }, + "zone": { + "description": "Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecifications": { + "description": "VMSpecifications is a list of VM specifications", + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "shared.VaultSecret": { + "description": "VaultSecret represents a secret held by a secret store", + "properties": { + "folder": { + "description": "Folder is one of the following:\nCyberark: Name of the folder for secrets held in Cyberark store\nHashicorp: The directory path for secrets held in Hashicorp store\nAWS: The name of the secret in AWS Secrets Manager or AWS Parameter Store.\n", + "type": "string" + }, + "key": { + "description": "Key is the secret's identifier in the secrets store.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret as input from the user.\n", + "type": "string" + }, + "safe": { + "description": "Safe is the name of the safe, for secrets held in Cyberark store.\n", + "type": "string" + }, + "store": { + "description": "Store is the name of the secrets store where the secret is held.\n", + "type": "string" + }, + "value": { + "$ref": "#/components/schemas/common.Secret" + }, + "version": { + "description": "Version is the Azure secret version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.WildFirePolicy": { + "description": "WildFirePolicy is the global wildfire usage policy, set by the client", + "properties": { + "agentlessEnabled": { + "description": "AgentlessEnabled indicates whether agentless scan will consult WF.\n", + "type": "boolean" + }, + "complianceEnabled": { + "description": "ComplianceEnabled indicates whether compliance malware scan will consult WF.\n", + "type": "boolean" + }, + "graywareAsMalware": { + "description": "GraywareAsMalware indicates whether files with WF verdict of Grayware will be treated as malware.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the WF server region to query.\n", + "type": "string" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates whether runtime malware scan will consult WF.\n", + "type": "boolean" + }, + "uploadEnabled": { + "description": "UploadEnabled indicates whether files will be uploaded to WF.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.WildFireSettings": { + "description": "WildFireSettings are the settings for WildFire API requests", + "properties": { + "apiKey": { + "description": "APIKey is the key identifier used for WF APIs.\n", + "type": "string" + }, + "apiKeyExpiration": { + "description": "APIKeyExpiration is the expiration time of the API key.\n", + "format": "date-time", + "type": "string" + }, + "lastError": { + "description": "LastError is the last error that occurred when trying to create/update the wildfire key.\n", + "type": "string" + }, + "policy": { + "$ref": "#/components/schemas/shared.WildFirePolicy" + } + }, + "type": "object" + }, + "string": { + "type": "string" + }, + "time.Duration": { + "format": "int64", + "type": "integer" + }, + "time.Time": { + "format": "date-time", + "type": "string" + }, + "trust.Data": { + "description": "Data holds the image trust data", + "properties": { + "groups": { + "description": "Groups are the trust groups.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "policy": { + "$ref": "#/components/schemas/trust.Policy" + } + }, + "type": "object" + }, + "trust.Group": { + "description": "Group represents a group of images", + "properties": { + "_id": { + "description": "Name of the group.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "images": { + "description": "Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.HostStatus": { + "description": "HostStatus represents an image trust status on a host", + "properties": { + "host": { + "description": "Host name.\n", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/trust.Status" + } + }, + "type": "object" + }, + "trust.ImageResult": { + "description": "ImageResult represents an aggregated image trust result", + "properties": { + "groups": { + "description": "Trust groups which apply to the image.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "hostsStatuses": { + "description": "Image trust status on each host. Can be set to \"trusted\" or \"untrusted\".\n", + "items": { + "$ref": "#/components/schemas/trust.HostStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.Policy": { + "description": "Policy represents the trust policy", + "properties": { + "_id": { + "description": "ID is the trust group policy ID.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the policy is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "Rules is the list of rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/trust.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.PolicyRule": { + "description": "PolicyRule represents an trust policy rule", + "properties": { + "allowedGroups": { + "description": "AllowedGroups are the ids of the groups that are whitelisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "deniedGroups": { + "description": "DeniedGroups are the ids of the groups that are blacklisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.Status": { + "description": "Status is the trust status for an image", + "enum": [ + [ + "trusted", + "untrusted" + ] + ], + "type": "string" + }, + "types.AccessStats": { + "description": "AccessStats are stats for the access flows", + "properties": { + "docker": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sshd": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sudo": { + "$ref": "#/components/schemas/types.AccessStatsCount" + } + }, + "type": "object" + }, + "types.AccessStatsCount": { + "description": "AccessStatsCount stores the total amount of access audits", + "properties": { + "allowed": { + "description": ".\n", + "type": "integer" + }, + "denied": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.AgentlessHostStatus": { + "description": "AgentlessHostStatus holds the status of a host handled by an agentless scan", + "properties": { + "account": { + "description": "Account is the cloud account the host belongs to.\n", + "type": "string" + }, + "availabilityDomain": { + "description": "AvailabilityDomain is the host availability domain.\n", + "type": "string" + }, + "category": { + "description": "Category indicates the status category.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error category.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "details": { + "description": "Details provides more information about status.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "excludedTags": { + "description": "ExcludedTags lists of exclude tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags lists of include tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the host's cloud name e.g. \"dimako-test\".\n", + "type": "string" + }, + "ociCompartment": { + "description": "OCICompartment is the compartment the instance belongs to (OCI only).\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides suggestions for possible fixes.\n", + "type": "string" + }, + "region": { + "description": "Region is the region the host belongs to.\n", + "type": "string" + }, + "regionError": { + "description": "RegionError indicates the status origin is a region error.\n", + "type": "boolean" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "scanID": { + "description": "ScanID indicates the scan id in which the status was collected.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime indicates the scan time of the host.\n", + "format": "date-time", + "type": "string" + }, + "source": { + "description": "Source is details on where the status was collected.\n", + "type": "string" + }, + "vmTags": { + "description": "VMTags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AgentlessResourceTemplatesRequest": { + "description": "AgentlessResourceTemplatesRequest is the agentless resource templates request for populating\ntemplates that are needed to be applied prior to an agentless scan with the credential", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "(Required) Specifies the ID for which the templates are generated.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.AlertProfileOption": { + "description": "AlertProfileOption describes options available for configuring an alert type", + "properties": { + "alertType": { + "$ref": "#/components/schemas/api.AlertType" + }, + "hasPolicy": { + "description": "HasPolicy defines whether the alerts are triggered by policy (e.g., this is false for defender alerts).\n", + "type": "boolean" + }, + "name": { + "description": "Name is the display name for the option.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the rule names for the policy associated with this alert type (only relevant if HasPolicy is true).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "supportedClients": { + "description": "SupportedClients are the supported alert clients for this alert (e.g., jira, email).\n", + "items": { + "$ref": "#/components/schemas/api.AlertClientType" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AllDefendersUsage": { + "description": "AllDefendersUsage holds stats about the usage of different modules and the sample time", + "properties": { + "appEmbedded": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "container": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "containerAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "host": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "hostAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "period": { + "description": "Period is the date beginning of the usage period.\n", + "format": "date-time", + "type": "string" + }, + "remainingCredits": { + "description": "RemainingCredits is the amount of credits left at the beginning of the period.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.ServerlessUsage" + }, + "waas": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "waasOutOfBand": { + "$ref": "#/components/schemas/types.DefenderUsage" + } + }, + "type": "object" + }, + "types.AppFirewallAttackCount": { + "description": "AppFirewallAttackCount holds app firewall attack type and the amount of audits", + "properties": { + "count": { + "description": "Count is the count for the attack type.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + } + }, + "type": "object" + }, + "types.AppFirewallStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AppFirewallStats are the daily stats for app firewall audits\nTODO #20802 - replace string key with WAAS attack type type when mongo changed to avoid encoding map keys without stringer", + "type": "object" + }, + "types.ArtifactoryWebhookRequest": { + "description": "ArtifactoryWebhookRequest is an artifactory webhook request\nArtifactory doesn't have native webhook support, instead it comes as a plugin\nhttps://github.com/jfrog/artifactory-user-plugins/tree/master/webhook\nThe relevant fields in the this struct were reverse engineered from the webhook groovy code and from the fields that were sent by a real artifactory environment", + "type": "object" + }, + "types.AssetsSummary": { + "properties": { + "containerImages": { + "$ref": "#/components/schemas/types.ImageAssetsSummary" + }, + "hosts": { + "$ref": "#/components/schemas/types.HostAssetsSummary" + } + }, + "type": "object" + }, + "types.AttackTechniqueStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AttackTechniqueStats represents statistics grouped by attack technique", + "type": "object" + }, + "types.AuditTimeslice": { + "description": "AuditTimeslice counts the number of audit events for a given time period", + "properties": { + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "end": { + "description": "End is the end time of the bucket.\n", + "format": "date-time", + "type": "string" + }, + "start": { + "description": "Start is the start time of the bucket.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.AvailableVulnerabilities": { + "description": "AvailableVulnerabilities contains all available vulnerabilities types", + "properties": { + "complianceVulnerabilities": { + "description": "Compliance is the list of all available compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "cveVulnerabilities": { + "description": "CVE is all available cve vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BFFHostQueryOptions": { + "properties": { + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFImageQueryOptions": { + "properties": { + "hasRunningContainers": { + "description": ".\n", + "type": "boolean" + }, + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFPaginatedResponse": { + "description": "BFFPaginatedResponse is the paginated response", + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.BaseImage": { + "description": "BaseImage represents an image which is defined as a base image", + "properties": { + "creationTime": { + "description": "CreationTime is the time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "imageName": { + "description": "ImageName is the image name repository:tag.\n", + "type": "string" + }, + "topLayer": { + "description": "TopLayer is the SHA256 of the image's last filesystem layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BaseImagesRule": { + "description": "BaseImagesRule holds the base images defined by a single scope", + "properties": { + "_id": { + "description": "Pattern is the scope configuration identification, e.g. image name regex pattern.\n", + "type": "string" + }, + "description": { + "description": "Description is the base images scope description.\n", + "type": "string" + }, + "images": { + "description": "Images holds the base images which matches the scope configuration, capped to 50 image digests per scope.\n", + "items": { + "$ref": "#/components/schemas/types.BaseImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BffQueryPermissions": { + "description": "BffQueryPermissions are user permissions", + "type": "object" + }, + "types.CSAPairingSettings": { + "description": "CSAPairingSettings is the settings which are received from the CSA during the pairing process", + "properties": { + "apiKey": { + "description": "APIKey is the key to call the CSA API.\n", + "type": "string" + }, + "apiKeyID": { + "description": "APIKeyID is the key ID to call the CSA API.\n", + "type": "string" + }, + "apiURL": { + "description": "APIURL is the CSA API URL.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name of CSA tenant.\n", + "type": "string" + }, + "gcpBucketName": { + "description": "GCPBucketName is the name of the GCP bucket.\n", + "type": "string" + }, + "pubSubSubscription": { + "description": "PubSubSubscription is the subscription name to the pub/sub.\n", + "type": "string" + }, + "pubSubSubscriptionDebug": { + "description": "PubSubSubscriptionDebug is the subscription name to the pub/sub for debugging purposes.\n", + "type": "string" + }, + "region": { + "description": "Region is the (GCP) region where the tenant is deployed.\n", + "type": "string" + }, + "serviceAccountKey": { + "description": "ServiceAccountKey is the service account to the pub/sub and bucket.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CSAStatus": { + "description": "CSAStatus is the CSA status", + "properties": { + "tenantURL": { + "description": "TenantURL is the CSA tenant URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEStats": { + "description": "CVEStats represents statistics about a CVE type", + "properties": { + "count": { + "description": "Count is the number of CVEs from the specific type.\n", + "type": "integer" + }, + "distro": { + "description": "Distro is the impacted image distro (e.g., ubuntu).\n", + "type": "string" + }, + "distro_release": { + "description": "DistroRelase is the impacted image distro release (bionic).\n", + "type": "string" + }, + "modified": { + "description": "Modified is the max unix timestamp for the specific CVE.\n", + "format": "int64", + "type": "integer" + }, + "type": { + "description": "Type is the vulnerability type.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEVulnerability": { + "description": "CVEVulnerability holds data on package and files vulnerabilities", + "properties": { + "affected_cpes": { + "$ref": "#/components/schemas/vulnerability.RHELCpeHashes" + }, + "affected_cpes_uuid": { + "description": "AffectedCpesUUID is used to create unique records for vulnerabilities that only differ in their affected CPEs.\n", + "type": "string" + }, + "app_vuln_id": { + "description": "AppVulnID is the unique ID of the application vulnerability (app+cve+internal custom ID).\n", + "type": "string" + }, + "archs": { + "$ref": "#/components/schemas/vulnerability.CPUArchs" + }, + "conditions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "cpe_ids": { + "$ref": "#/components/schemas/vulnerability.CpeIDs" + }, + "custom": { + "description": "Custom indicates if this is a custom vulnerability.\n", + "type": "boolean" + }, + "cve": { + "description": ".\n", + "type": "string" + }, + "cvss": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description is the vulnerability description.\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "distro_release": { + "description": ".\n", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "FixDate is the date this CVE was fixed (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "go_package": { + "description": "GoPackage indicates a Go vulnerability at package-level and holds the package import path.\n", + "type": "string" + }, + "jar_identifier": { + "description": "JarIdentifier holds an additional identification detail of the vulnerable JAR.\n", + "type": "string" + }, + "link": { + "description": "Link is the link for information about the vulnerability (used for custom vulnerabilities).\n", + "type": "string" + }, + "link_id": { + "description": "LinkID is the ID required to construct the vendor link to the CVE.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last time this CVE was modified (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "non_vulnerable": { + "description": "NonVulnerable indicates that the CVE in not vulnerable on its own, but only when it comes together with conditional combination of CVE.\n", + "type": "boolean" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "rh_general_cvss": { + "description": "RHGeneralScore is the Red Hat's general CVSS score of this CVE.\n", + "type": "string" + }, + "rh_general_severity": { + "description": "RHGeneralSeverity is the Red Hat's general severity of this CVE.\n", + "type": "string" + }, + "rules": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "running_on_with": { + "description": "RunningOnWith is NVD \"running On/With\" conditions.\n", + "type": "string" + }, + "security_repo_pkg": { + "description": "SecurityRepoPkg determines if the package belongs to a security repository (e.g. bullseye-security).\n", + "type": "boolean" + }, + "severity": { + "description": ".\n", + "type": "string" + }, + "status": { + "description": "Status is the official vendor state for the CVE.\n", + "type": "string" + }, + "symbols": { + "$ref": "#/components/schemas/vulnerability.Symbols" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.CVEType" + }, + "vecStr": { + "description": "VectorString is the NVD vulnerability string.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertData": { + "description": "CertData is used to add a custom certificate to the product", + "properties": { + "certificate": { + "description": "Data is the certificate pem data.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertSettings": { + "description": "CertSettings are the certificates settings", + "properties": { + "caExpiration": { + "description": "CAExpiration holds the expiration date of the CA cert.\n", + "format": "date-time", + "type": "string" + }, + "consoleSAN": { + "description": "ConsoleSAN if specified, use this list as the SAN for the console server certificate. Used for websocket and API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defenderOldCAExpiration": { + "description": "DefenderOldCAExpiration holds the expiration time of the defender old CA cert.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.CertificateSettings": { + "description": "CertificateSettings are the certificate settings", + "properties": { + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "certificatePeriodDays": { + "description": "CertificatePeriodDays is the certificates period in days.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CloudComputeInfo": { + "description": "CloudComputeInfo holds some fields from the compute structure that may be contained in the raw cloud info", + "properties": { + "vmId": { + "description": "VMID (\"vmId\") is a field used in Azure raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CloudInfo": { + "description": "CloudInfo holds cloud information of a CSA agent\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "cloud_provider": { + "$ref": "#/components/schemas/types.CloudProvider" + }, + "raw": { + "$ref": "#/components/schemas/types.CloudRawInfo" + } + }, + "type": "object" + }, + "types.CloudProvider": { + "description": "CloudProvider identifies a cloud provider in the CSA Endpoints API", + "enum": [ + [ + "AWS", + "GCP", + "Azure" + ] + ], + "type": "string" + }, + "types.CloudProviders": { + "items": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "type": "array" + }, + "types.CloudRawInfo": { + "description": "CloudRawInfo holds some fields that may appear in the raw cloud info, depending on cloud provider\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "compute": { + "$ref": "#/components/schemas/types.CloudComputeInfo" + }, + "id": { + "description": "ID (\"id\") is a field used in GCP raw struct.\n", + "type": "string" + }, + "instance-id": { + "description": "InstanceID (\"instance-id\") is a field used in AWS raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ClusterRadarInfo": { + "description": "ClusterRadarInfo contains cluster information to display on the radar", + "properties": { + "cloudProivder": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "hostCount": { + "description": "HostCount is the number of host running the cluster.\n", + "type": "integer" + }, + "name": { + "description": "Name of the cluster.\n", + "type": "string" + }, + "namespaceCount": { + "description": "Namespace is the number of namespace in the cluster.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceCategoryStats": { + "description": "ComplianceCategoryStats holds data regarding a compliance category", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the category IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "total": { + "description": "Total is the count of evaluations of category IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceDailyStats": { + "description": "ComplianceDailyStats is the compliance daily stats", + "properties": { + "_id": { + "description": "Date holds the date the data was collected.\n", + "type": "string" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "modified": { + "description": "Modified is the time the data was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.ComplianceIDStats": { + "description": "ComplianceIDStats holds data regarding applied compliance ID", + "properties": { + "benchmarkID": { + "description": "BenchmarkID is the benchmark ID.\n", + "type": "string" + }, + "category": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "description": { + "description": "Description is the compliance description.\n", + "type": "string" + }, + "failed": { + "description": "Failed is the number of occurrences of compliance ID in resources.\n", + "type": "integer" + }, + "id": { + "description": "ID is the compliance ID.\n", + "type": "integer" + }, + "severity": { + "description": "Severity is the compliance severity.\n", + "type": "string" + }, + "templateTitle": { + "description": "TemplateTitle is the template title.\n", + "type": "string" + }, + "total": { + "description": "Total is the count of resources evaluated with the compliance.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + } + }, + "type": "object" + }, + "types.ComplianceStats": { + "description": "ComplianceStats holds compliance data", + "properties": { + "categories": { + "description": "Compliance stats by category.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceCategoryStats" + }, + "type": "array" + }, + "daily": { + "description": "Daily compliance stats.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "ids": { + "description": "Compliance data by check ID.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceIDStats" + }, + "type": "array" + }, + "rules": { + "description": "Compliance stats by policy rules.\n", + "items": { + "$ref": "#/components/schemas/types.RuleComplianceStats" + }, + "type": "array" + }, + "templates": { + "description": "Compliance stats by template.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceTemplateStats" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ComplianceTemplateStats": { + "description": "ComplianceTemplateStats holds data regarding a compliance template", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the template IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "total": { + "description": "Total is the count of evaluations of template IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ConsoleAuthResponse": { + "description": "ConsoleAuthResponse represents the console certificates authentication response", + "properties": { + "role": { + "description": "UserRole is the authenticated user role.\n", + "type": "string" + }, + "token": { + "description": "Token is the console authentication response token.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ConsoleCertificateSettings": { + "description": "ConsoleCertificateSettings are the console certificate settings", + "properties": { + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + } + }, + "type": "object" + }, + "types.ContainerRadarData": { + "description": "ContainerRadarData represent all data relevant to the network radar", + "properties": { + "containerCount": { + "description": "ContainerCount is the total number of containers.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.ContainerRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ContainerRadarEntity": { + "description": "ContainerRadarEntity is the extended container radar entity (include presentation metadata)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether this container was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "containerCount": { + "description": "ContainerCount is the amount of containers per entity.\n", + "type": "integer" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "dns": { + "description": "DNS states whether this is a DNS node.\n", + "type": "boolean" + }, + "filesystemCount": { + "description": ".\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hasDNSConnection": { + "description": "HasDNSConnection states whether the node has DNS connection.\n", + "type": "boolean" + }, + "hostCount": { + "description": ".\n", + "type": "integer" + }, + "hostname": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the entity's image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the entity's image name.\n", + "type": "string" + }, + "imageNames": { + "description": "ImageNames are the names of the image associated with the radar entity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "incomingConnections": { + "description": "IncomingConnections are the radar entity incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored entity.\n", + "type": "boolean" + }, + "istioAuthorizationPolicies": { + "description": "IstioAuthorizationPolicies are the Istio authorization policies.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicy" + }, + "type": "array" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the entity's label.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the radar entity labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "learning": { + "description": "Learning indicates whether the runtime profile associated with the entity is in learning state.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the kubernetes namespace the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "networkCount": { + "description": ".\n", + "type": "integer" + }, + "processesCount": { + "description": ".\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "region": { + "description": "Region is the cloud provider region.\n", + "type": "string" + }, + "resolved": { + "description": "Resolved indicates if the entity has all data resolved or just contains the ID and hash, used to indicate if the console should be updated on entity resolving.\n", + "type": "boolean" + }, + "serviceIP": { + "description": "ServiceIP the ip of the kubernetes service (for kubernetes type).\n", + "type": "string" + }, + "serviceName": { + "description": "ServiceName is kubernetes service the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "servicePorts": { + "description": "ServicePorts are the ports the kubernetes service exposes (for kubernetes type).\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "shouldSkipNetwork": { + "description": "ShouldSkipNetwork indicates whether network monitoring for this container should be skipeed or not.\n", + "type": "boolean" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "type": { + "$ref": "#/components/schemas/shared.EntityType" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.Count": { + "properties": { + "value": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CredentialUsage": { + "description": "CredentialUsage represents a single credential usage", + "properties": { + "description": { + "description": "Resource description (e.g., repository name for registry scan).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cred.UsageType" + } + }, + "type": "object" + }, + "types.DefenderSummary": { + "description": "DefenderSummary is a summary for a type of defender", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "connected": { + "description": "Connected counts how many defenders are connected for this category.\n", + "type": "integer" + }, + "deployed": { + "description": "Deployed counts how many defenders are deployed for this category.\n", + "type": "integer" + }, + "licensed": { + "description": "Licensed counts how many defenders are licensed for this category.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.DefenderUsage": { + "description": "DefenderUsage holds the number of defenders and the credits used for a specific defender type", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.DefendersVersionCount": { + "description": "DefendersVersionCount holds the defenders count per each version", + "properties": { + "count": { + "description": "Defenders count per version.\n", + "type": "integer" + }, + "version": { + "description": "Release version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.DiscoveredVM": { + "description": "DiscoveredVM represents the information about the instance, fetched from the cloud compute interface", + "properties": { + "_id": { + "description": "ID is the instance id. E.g. \"i-5cd23551\".\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "architecture": { + "description": "Architecture is the architecture of the image.\n", + "type": "string" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the instance.\n", + "type": "string" + }, + "awsSubnetID": { + "description": "AWSSubnetID is the ID of the subnet associated with the VM (AWS only).\n", + "type": "string" + }, + "awsVPCID": { + "description": "AWSVPCID is the ID of the VPC associated with the VM (AWS only).\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster name that is associated with the vm.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the host's fully qualified domain name . E.g. \"ip-192-0-2-0.us-east-2.compute.internal\".\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates that the instance has a defender installed on it.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the ID of the AMI used to launch the instance. E.g. \"ami-35501205\".\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the AMI used to launch the instance.\n", + "type": "string" + }, + "name": { + "description": "Name is the instance name.\n", + "type": "string" + }, + "os": { + "description": "OS is the Operating System installed on the instance.\n", + "type": "string" + }, + "osInfo": { + "$ref": "#/components/schemas/common.OSDistroInfo" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region the VM is located at.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.EcsTaskDefinitionOptions": { + "description": "EcsTaskDefinitionOptions holds the ecs deployment options", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "hostCustomComplianceEnabled": { + "description": "HostCustomComplianceEnabled indicates whether host custom compliance checks are enabled.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "taskName": { + "description": "TaskName is the name used for the task definition.\n", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Endpoint": { + "description": "Endpoint represents a Cortex XDR agent", + "properties": { + "active_directory": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alias": { + "description": ".\n", + "type": "string" + }, + "assigned_extensions_policy": { + "description": ".\n", + "type": "string" + }, + "assigned_prevention_policy": { + "description": ".\n", + "type": "string" + }, + "cloud_info": { + "$ref": "#/components/schemas/types.CloudInfo" + }, + "cloud_labels": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloud_provider_account_id": { + "description": ".\n", + "type": "string" + }, + "cloud_security_agent_capable": { + "description": ".\n", + "type": "boolean" + }, + "cloud_security_agent_mode": { + "description": ".\n", + "type": "boolean" + }, + "cluster_name": { + "description": ".\n", + "type": "string" + }, + "content_release_timestamp": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "content_status": { + "description": ".\n", + "type": "string" + }, + "content_version": { + "description": ".\n", + "type": "string" + }, + "domain": { + "description": ".\n", + "type": "string" + }, + "endpoint_id": { + "description": "EndpointID is the Endpoint unique identifier.\n", + "type": "string" + }, + "endpoint_name": { + "description": "EndpointName is the hostname.\n", + "type": "string" + }, + "endpoint_status": { + "description": ".\n", + "type": "string" + }, + "endpoint_type": { + "description": ".\n", + "type": "string" + }, + "endpoint_version": { + "description": ".\n", + "type": "string" + }, + "first_seen": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "group_name": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "install_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "installation_package": { + "description": ".\n", + "type": "string" + }, + "ip": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ipv6": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "is_isolated": { + "description": ".\n", + "type": "string" + }, + "isolated_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_content_update_time": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_seen": { + "description": "LastSeen is the last time the Endpoint was seen connected (UTC epoch milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "mac_address": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "operating_system": { + "description": ".\n", + "type": "string" + }, + "operational_status": { + "description": ".\n", + "type": "string" + }, + "operational_status_description": { + "description": ".\n", + "type": "string" + }, + "operational_status_details": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.OperationalStatusDetail" + }, + "type": "array" + }, + "os_type": { + "description": ".\n", + "type": "string" + }, + "os_version": { + "description": ".\n", + "type": "string" + }, + "public_ip": { + "description": ".\n", + "type": "string" + }, + "scan_status": { + "description": ".\n", + "type": "string" + }, + "tags": { + "$ref": "#/components/schemas/types.Tags" + }, + "token_hash": { + "description": ".\n", + "type": "string" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.EventStats": { + "description": "EventStats holds counters for all event types", + "properties": { + "admissionAudits": { + "description": ".\n", + "type": "integer" + }, + "agentlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerSecurityEvents": { + "description": "Cloud Security Agent event stats.\n", + "type": "integer" + }, + "dockerAccess": { + "description": ".\n", + "type": "integer" + }, + "fileIntegrity": { + "description": ".\n", + "type": "integer" + }, + "hostActivities": { + "description": ".\n", + "type": "integer" + }, + "hostAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostRuntime": { + "description": ".\n", + "type": "integer" + }, + "hostSecurityEvents": { + "description": ".\n", + "type": "integer" + }, + "kubernetesAudits": { + "description": ".\n", + "type": "integer" + }, + "logInspection": { + "description": ".\n", + "type": "integer" + }, + "serverlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "serverlessRuntime": { + "description": ".\n", + "type": "integer" + }, + "trustAudits": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Group": { + "description": "Group represents a console group", + "properties": { + "_id": { + "description": "Group name.\n", + "type": "string" + }, + "groupId": { + "description": "Group identifier in the Azure SAML identification process.\n", + "type": "string" + }, + "groupName": { + "description": "Group name.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime when the group was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "ldapGroup": { + "description": "Indicates if the group is an LDAP group (true) or not (false).\n", + "type": "boolean" + }, + "oauthGroup": { + "description": "Indicates if the group is an OAuth group (true) or not (false).\n", + "type": "boolean" + }, + "oidcGroup": { + "description": "Indicates if the group is an OpenID Connect group (true) or not (false).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or modified the group.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "Role of the group.\n", + "type": "string" + }, + "samlGroup": { + "description": "Indicates if the group is a SAML group (true) or not (false).\n", + "type": "boolean" + }, + "user": { + "description": "Users in the group.\n", + "items": { + "$ref": "#/components/schemas/shared.User" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Groups": { + "description": "Groups represents a list of groups", + "items": { + "$ref": "#/components/schemas/types.Group" + }, + "type": "array" + }, + "types.HPKPSettings": { + "description": "HPKPSettings represents the public key pinning settings", + "properties": { + "certs": { + "description": "Certs are the public certs used for fingerprinting.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "fingerprints": { + "description": "SHA256 fingerprints of the certificates.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostAssetInfo": { + "properties": { + "accountID": { + "description": ".\n", + "type": "string" + }, + "cluster": { + "description": ".\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "docker": { + "description": ".\n", + "type": "string" + }, + "kubernetes": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "resourceName": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + }, + "vmImage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.HostAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeploySpecStatus": { + "description": "HostAutoDeploySpecStatus contains the discovery and deployment status for a particular host auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended VMs.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of discovered unprodected VMs.\n", + "type": "integer" + }, + "error": { + "description": "Error is an error logged during the the auto-deploy scan (if occurred).\n", + "type": "string" + }, + "errors": { + "description": "Errors are the errors occurred in the command invocations.\n", + "items": { + "$ref": "#/components/schemas/deployment.CommandError" + }, + "type": "array" + }, + "failed": { + "description": "Failed is the number of instances where deployment failed.\n", + "type": "integer" + }, + "missingPermissions": { + "description": "MissingPermissions is the number of instances in regions that the credential don't have permissions to them.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + }, + "skipped": { + "description": "Skipped is the number of instances that the deployment was skipped for due to having a running Docker engine or being a worker node in a k8s cluster.\n", + "type": "integer" + }, + "unmatched": { + "description": "Unmatched is the number of discovered instances for which the scope does not apply.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of instances with missing prerequisites.\n", + "type": "integer" + }, + "windows": { + "description": "Windows is the number of windows instances discovered.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeployStatus": { + "description": "HostAutoDeployStatus is the status of the deployment tasks per spec during the host auto-deploy action", + "properties": { + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "status": { + "description": "Status contains the deploy status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.HostAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarData": { + "description": "HostRadarData represent all data relevant to the network radar", + "properties": { + "hostCount": { + "description": "HostCount is the total number of hosts.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.HostRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarEntity": { + "description": "HostRadarEntity is the extended host radar entity (include presentation metadata)", + "properties": { + "OSDistro": { + "description": "OSDistro is the OS distro name (e.g., ubuntu).\n", + "type": "string" + }, + "_id": { + "description": "ID is the host name.\n", + "type": "string" + }, + "activitiesCount": { + "description": "ActivitiesCount is the number of activities detected in the host.\n", + "type": "integer" + }, + "agentless": { + "description": "Agentless indicates whether this host was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the cluster the host is deployed on.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "fileIntegrityCount": { + "description": "FileIntegrityCount is the number of file integrity events detected in the host.\n", + "type": "integer" + }, + "filesystemCount": { + "description": "FilesystemCount is number of filesystem events triggered by the entity.\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents triggered by the entity.\n", + "type": "integer" + }, + "incoming": { + "description": "Incoming are the incoming connections from the host.\n", + "items": { + "$ref": "#/components/schemas/shared.HostRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "listeningPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "logInspectionCount": { + "description": "LogInspectionCount is the number of log inspection events detected in the host.\n", + "type": "integer" + }, + "networkCount": { + "description": "NetworkCount is number of network events triggered by the entity.\n", + "type": "integer" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "processesCount": { + "description": "ProcessesCount is the number of processes events triggered by the entity.\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.ImageAssetInfo": { + "properties": { + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "digest": { + "description": ".\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repository": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImageAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "stages": { + "$ref": "#/components/schemas/types.Stages" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ImageScanOptions": { + "description": "ImageScanOptions holds the options for image scanning", + "properties": { + "hostname": { + "description": "Hostname is the optional host name to scan.\n", + "type": "string" + }, + "imageTag": { + "$ref": "#/components/schemas/shared.ImageTag" + } + }, + "type": "object" + }, + "types.ImpactedContainer": { + "description": "ImpactedContainer contains details of a running container with an impacted image", + "properties": { + "container": { + "description": ".\n", + "type": "string" + }, + "factors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "namespace": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedOutOfBandEntity": { + "description": "ImpactedOutOfBandEntity holds the info of an impacted out of band entity", + "properties": { + "containerName": { + "description": "ContainerName is the name of the container or empty for host.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the name of the host that was scanned or host on which the container is deployed.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name of the container or empty for host.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedPackage": { + "description": "ImpactedPackage holds the vulnerability details for a package", + "properties": { + "cvss": { + "description": "CVSS is the vulnerability cvss score for this package.\n", + "format": "float", + "type": "number" + }, + "package": { + "description": "Package is the impacted package name and version.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the vulnerability severity for this package.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedResourceDetails": { + "description": "ImpactedResourceDetails holds the vulnerability details for a specific impacted resource", + "properties": { + "containers": { + "description": "Containers are the running containers of this image found in the environment.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedContainer" + }, + "type": "array" + }, + "functionDetails": { + "description": "FunctionDetails is a formatted string holding function details.\n", + "type": "string" + }, + "packages": { + "description": "Packages holds vulnerability details per impacted package found in this resource.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedPackage" + }, + "type": "array" + }, + "resourceID": { + "description": "ResourceID is a resource identifier (e.g. image ID, hostname).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.IntelligenceStatus": { + "description": "IntelligenceStatus stores the status on the intelligence service", + "properties": { + "connected": { + "description": ".\n", + "type": "boolean" + }, + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.IssueType": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + }, + "types.LatestVersion": { + "description": "LatestVersion represents the latest remote product version", + "properties": { + "latestVersion": { + "description": "LatestVersion is the latest official product version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LicenseStats": { + "description": "LicenseStats holds the console license stats", + "properties": { + "avg": { + "description": "Avg is the average number of credits.\n", + "format": "double", + "type": "number" + }, + "containerDefenders": { + "description": "ContainerDefenders is the total number of container defenders.\n", + "type": "integer" + }, + "dailySamplesDefenders": { + "description": "DailySamplesDefenders holds the last 30 daily credits averages.\n", + "items": { + "$ref": "#/components/schemas/float64" + }, + "type": "array" + }, + "exceeded": { + "description": "Exceeded indicates the number of credits exceeded license.\n", + "type": "boolean" + }, + "hostDefenders": { + "description": "HostDefenders is the total number of host defenders.\n", + "type": "integer" + }, + "hourAvg": { + "description": "HourAvg is the average number of credits per hour.\n", + "format": "double", + "type": "number" + }, + "hourSamples": { + "description": "HourSamples is the number of hourly samples collected.\n", + "format": "double", + "type": "number" + }, + "monthlyUsage": { + "description": "MonthlyUsage holds the last 24 monthly usage averages.\n", + "items": { + "$ref": "#/components/schemas/types.AllDefendersUsage" + }, + "type": "array" + }, + "msg": { + "description": "Msg is the license exceeded error/warning message to show.\n", + "type": "string" + }, + "onDemandCredits": { + "description": "OnDemandCredits is the number of on demand credits used during the current contract.\n", + "type": "integer" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + }, + "serverlessTimestamp": { + "description": "ServerlessTimestamp is the timestamp for the last serverless credit calculation.\n", + "format": "date-time", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the last collection timestamp.\n", + "format": "date-time", + "type": "string" + }, + "totalCreditUsage": { + "description": "TotalCreditUsage is the total amount of credits used from the beginning of the current contract.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.LogUploadResponse": { + "description": "LogUploadResponse returns the result of uploading a file to the intelligence", + "properties": { + "remotePath": { + "description": "Path returned by the intelligence.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LogonSettings": { + "description": "LogonSettings are settings associated with the login properties", + "properties": { + "basicAuthDisabled": { + "description": "Indicates whether the user can use basic auth.\n", + "type": "boolean" + }, + "includeTLS": { + "description": "IncludeTLS indicates that TLS checks should be included in copy links.\n", + "type": "boolean" + }, + "sessionTimeoutSec": { + "description": "SessionTimeoutSec defines the session timeout in seconds.\n", + "format": "int64", + "type": "integer" + }, + "strongPassword": { + "description": "StrongPassword indicates whether strong password enforcement is applied.\n", + "type": "boolean" + }, + "useSupportCredentials": { + "description": "UseSupportCredentials indicates whether to include credentials in the URL.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.MgmtAuditFilters": { + "description": "MgmtAuditFilters are filters for management audit queries", + "properties": { + "type": { + "description": "Type is the management audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "username": { + "description": "Usernames is a filter for specific users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.NetworkFirewallStats": { + "description": "NetworkFirewallStats stores the total amount of network firewall audits", + "properties": { + "alerted": { + "description": ".\n", + "type": "integer" + }, + "blocked": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.OperationalStatusDetail": { + "properties": { + "reason": { + "description": ".\n", + "type": "string" + }, + "title": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProfileStateUpdate": { + "description": "ProfileStateUpdate is the request for updating profile state", + "properties": { + "profileID": { + "description": "ID is the profile ID to relearn.\n", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "types.Project": { + "description": "Project represent the project details", + "properties": { + "_id": { + "description": "ID is the project name (primary index).\n", + "type": "string" + }, + "address": { + "description": "Address is the project address.\n", + "type": "string" + }, + "ca": { + "description": "CACertificate is the remote console CA certificate.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "creationTime": { + "description": "CreationTime is the remote project creation time.\n", + "format": "date-time", + "type": "string" + }, + "err": { + "description": "Err are errors that happened during project synchronization / setup.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipCertificateVerification": { + "description": "SkipCertificateVerification indicates that the connection to the secondary project is done on insecure channel, this is used when secondary\nproject is behind a proxy or when customer is using custom certs.\n", + "type": "boolean" + }, + "username": { + "description": "Username is the remote project username.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProjectCredentials": { + "description": "ProjectCredentials are the supervisor project credentials", + "properties": { + "password": { + "description": "Password is the password used for the deleted project access.\n", + "type": "string" + }, + "user": { + "description": "User is the user used for the deleted project access.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RegistryWebhookRequest": { + "description": "RegistryWebhookRequest is a registry scanning webhook request.\nSchema supports multiple webhook providers:\nhttps://docs.docker.com/docker-hub/webhooks/\nhttps://docs.docker.com/registry/notifications/", + "properties": { + "action": { + "description": "Action is the webhook action.\n", + "type": "string" + }, + "artifactory": { + "$ref": "#/components/schemas/types.ArtifactoryWebhookRequest" + }, + "domain": { + "description": "Domain indicates the artifactory webhook domain (e.g., artifact, docker, build, etc). Used to avoid filter docker events.\n", + "type": "string" + }, + "event_type": { + "description": "EventType is the artifactory webhook action performed (e.g., push).\n", + "type": "string" + }, + "type": { + "description": "Type is the event type (Harbor registry).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImage": { + "properties": { + "name": { + "description": ".\n", + "type": "string" + }, + "scanStatus": { + "description": ".\n", + "type": "boolean" + }, + "uaiID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImages": { + "properties": { + "build": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "deploy": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "run": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ResourceVulnerabilityStats": { + "description": "ResourceVulnerabilityStats holds vulnerability stats of a single resource type", + "properties": { + "count": { + "description": "Count is the total number of vulnerabilities.\n", + "type": "integer" + }, + "cves": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "impacted": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilities": { + "description": "All resource vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/types.VulnerabilityInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.RiskScoreFactors": { + "description": "RiskScoreFactors holds factors used to calculate risk score", + "properties": { + "envVarSecrets": { + "description": "EnvVarSecrets indicates whether a container has access to secrets via environment variables.\n", + "type": "boolean" + }, + "hostAccess": { + "description": "HostAccess indicates whether a container has access to the host network or namespace.\n", + "type": "boolean" + }, + "internet": { + "description": "Internet indicates whether a container has internet access.\n", + "type": "boolean" + }, + "network": { + "description": "Network indicates whether a container is listening to ports.\n", + "type": "boolean" + }, + "noSecurityProfile": { + "description": "NoSecurityProfile indicates whether a container has security profile issue.\n", + "type": "boolean" + }, + "privilegedContainer": { + "description": "PrivilegedContainer indicates whether a container runs using the --privileged flag.\n", + "type": "boolean" + }, + "rootMount": { + "description": "RootMount indicates whether a container has access to the host file system using a root mount.\n", + "type": "boolean" + }, + "rootPrivilege": { + "description": "RootPrivilege indicates whether a container runs as root.\n", + "type": "boolean" + }, + "runtimeSocket": { + "description": "RuntimeSocket indicates whether a container has the runtime socket mounted.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.RuleComplianceStats": { + "description": "RuleComplianceStats holds data regarding applied compliance rule", + "properties": { + "failed": { + "description": "Failed is the count of the rule compliance IDs in resources.\n", + "type": "integer" + }, + "name": { + "description": "Name is the name of the applied rule.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "total": { + "description": "Total is the count of evaluations done by rule.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.RuntimeStats": { + "description": "RuntimeStats are stats for runtime flows (sum of audits per flow)", + "properties": { + "filesystem": { + "description": ".\n", + "type": "integer" + }, + "kubernetes": { + "description": ".\n", + "type": "integer" + }, + "network": { + "description": ".\n", + "type": "integer" + }, + "processes": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.SecretsStatus": { + "description": "SecretsStatus holds the update status for the secrets", + "properties": { + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorConfiguration": { + "description": "SecurityAdvisorConfiguration is the security configuration associated with security advisor", + "properties": { + "accountID": { + "description": "AccountID is the customer account ID.\n", + "type": "string" + }, + "apikey": { + "description": "APIKey is the security advisor secret.\n", + "type": "string" + }, + "findingsURL": { + "description": "FindingsURL is the url to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the id assigned to Twistlock.\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which token should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorDashboardResp": { + "description": "SecurityAdvisorDashboardResp is the response to security advisor dashboard", + "properties": { + "url": { + "description": "URL is the console URL link.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorNotes": { + "description": "SecurityAdvisorNotes security advisor the security advisor finding metadata", + "properties": { + "changedSince": { + "description": "ChangedSince is the last time entries were modified.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeploySpecStatus": { + "description": "ServerlessAutoDeploySpecStatus contains status for a particular serverless auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended functions.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of functions to protect.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeployStatus": { + "description": "ServerlessAutoDeployStatus is the status of the serverless auto-deploy scan", + "properties": { + "errors": { + "description": "Errors is the collection of errors for the auto-deploy scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "specs": { + "description": "Specs contains the status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.ServerlessAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessRadarStatus": { + "description": "ServerlessRadarStatus holds the status for serverless radar scans", + "properties": { + "err": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessUsage": { + "description": "ServerlessUsage holds the number of defenders, invocations and credits used for serverless defenders", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.Settings": { + "description": "Settings are the global system settings", + "properties": { + "WAASLogScrubbingSpecs": { + "$ref": "#/components/schemas/waas.SensitiveDataSpecs" + }, + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "alerts": { + "$ref": "#/components/schemas/api.AlertSettings" + }, + "certSettings": { + "$ref": "#/components/schemas/types.CertSettings" + }, + "certificatePeriodDays": { + "description": "ClientCertificatePeriodDays is the certificates period in days of client certificates.\n", + "type": "integer" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "clusteredDB": { + "$ref": "#/components/schemas/clustereddb.Settings" + }, + "communicationPort": { + "description": "MgmtPortHTTP is the Console HTTP port.\n", + "type": "integer" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "consoleNames": { + "description": "ConsoleNames is a list of names to use when generating the console SAN certificate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialsCountLimit": { + "description": "CredentialsCountLimit is the maximum amount of allowed credentials.\n", + "type": "integer" + }, + "csaAPairingSettings": { + "$ref": "#/components/schemas/types.CSAPairingSettings" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "customLabels": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + }, + "defenderSettings": { + "$ref": "#/components/schemas/defender.Settings" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "fipsEnabled": { + "description": "FIPSEnabled indicates whether FIPS-compliant cryptography is enforced.\n", + "type": "boolean" + }, + "forensic": { + "$ref": "#/components/schemas/shared.ForensicSettings" + }, + "hasAdmin": { + "description": "HasAdmin indicates whether the admin account is initialized.\n", + "type": "boolean" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecifications" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + }, + "identitySettings": { + "$ref": "#/components/schemas/identity.Settings" + }, + "ldapEnabled": { + "description": "LdapEnabled indicates whether ldap is enabled.\n", + "type": "boolean" + }, + "licenseKey": { + "description": "LicenseKey is the license key.\n", + "type": "string" + }, + "logging": { + "$ref": "#/components/schemas/shared.LoggingSettings" + }, + "logon": { + "$ref": "#/components/schemas/types.LogonSettings" + }, + "oauthEnabled": { + "description": "OauthEnabled indicates whether Oauth is enabled.\n", + "type": "boolean" + }, + "oidcEnabled": { + "description": "OidcEnabled indicates whether OpenID connect is enabled.\n", + "type": "boolean" + }, + "projects": { + "$ref": "#/components/schemas/api.ProjectSettings" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "registry": { + "$ref": "#/components/schemas/shared.RegistrySettings" + }, + "runtimeSecretScrubbingSettings": { + "$ref": "#/components/schemas/shared.RuntimeSecretScrubbingSettings" + }, + "samlEnabled": { + "description": "SamlEnabled indicates whether saml is enabled.\n", + "type": "boolean" + }, + "scan": { + "$ref": "#/components/schemas/shared.ScanSettings" + }, + "secretsStores": { + "$ref": "#/components/schemas/shared.SecretsStores" + }, + "securedConsolePort": { + "description": "MgmtPortHTTPS is the Console HTTPS port.\n", + "type": "integer" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecifications" + }, + "tasDroplets": { + "description": "TASDropletsSpecification is the TAS droplets scanning settings.\n", + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "telemetry": { + "$ref": "#/components/schemas/types.TelemetrySettings" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "trustedCerts": { + "description": "TrustedCerts is the list of trusted cert to allow in docker access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "trustedCertsEnabled": { + "description": "TrustedCertsEnabled indicates whether to enable the trusted certificate feature.\n", + "type": "boolean" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "version": { + "description": "Version is the current console version.\n", + "type": "string" + }, + "vms": { + "$ref": "#/components/schemas/shared.VMSpecifications" + }, + "webAppsDiscoverySettings": { + "$ref": "#/components/schemas/waas.WebAppsDiscoverySettings" + }, + "wildFireSettings": { + "$ref": "#/components/schemas/shared.WildFireSettings" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Stages": { + "properties": { + "build": { + "description": "Build is the count of CI scan.\n", + "type": "integer" + }, + "deploy": { + "description": "Deploy is the count of registry Images.\n", + "type": "integer" + }, + "run": { + "description": "Run is the count of deployed Images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Stats": { + "description": "Stats represents the status model that is stored in the DB", + "properties": { + "AgentlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "_id": { + "description": "ID is the metric type.\n", + "type": "string" + }, + "access": { + "$ref": "#/components/schemas/types.AccessStats" + }, + "appEmbeddedAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "container": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "containerAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "host": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "hostAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "hostComplianceCount": { + "description": "HostComplianceCount is the host compliance count.\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "incidentsCount": { + "description": "IncidentsCount is the incidents count.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "serverlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "time": { + "description": "UnixTimestamp is the unix timestamp.\n", + "format": "int64", + "type": "integer" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/types.VulnerabilitiesStats" + } + }, + "type": "object" + }, + "types.Status": { + "description": "Status stores the status of a specific defender or for global features such as intelligence or LDAP", + "properties": { + "_id": { + "description": "ID is the defender identifier if the status is per defender or the type for global statuses.\n", + "type": "string" + }, + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/types.HostAutoDeployStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "intelligence": { + "$ref": "#/components/schemas/types.IntelligenceStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "secrets": { + "$ref": "#/components/schemas/types.SecretsStatus" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/types.ServerlessAutoDeployStatus" + }, + "serverlessRadar": { + "$ref": "#/components/schemas/types.ServerlessRadarStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "type": { + "$ref": "#/components/schemas/types.StatusType" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "types.StatusType": { + "description": "StatusType holds the status of a given flow (defender/intelligence/etc...)\nTODO: Use type in shared.Status object", + "enum": [ + [ + "intelligence", + "secrets", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy" + ] + ], + "type": "string" + }, + "types.Suggestions": { + "properties": { + "suggestions": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Tags": { + "properties": { + "endpoint_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "server_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.TelemetrySettings": { + "description": "TelemetrySettings is the telemetry settings", + "properties": { + "enabled": { + "description": "Enabled determines whether the telemetry settings are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Trends": { + "description": "Trends contains data on global trends in the system", + "properties": { + "complianceTrend": { + "description": "ComplianceTrend represents the compliance trend.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "defendersSummary": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "DefendersSummary represents the defenders count of each category.\n", + "type": "object" + }, + "vulnerabilitySummary": { + "$ref": "#/components/schemas/types.VulnerabilitySummary" + } + }, + "type": "object" + }, + "types.UserCollection": { + "description": "UserCollection holds general collection properties that are accessible to all users", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "name": { + "description": "Unique name associated with this collection.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPassword": { + "description": "UserPassword represents a new user password", + "properties": { + "newPassword": { + "description": "New password to assign to the user who is invoking the API.\n", + "type": "string" + }, + "oldPassword": { + "description": "User's existing password to replace.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPreferences": { + "description": "UserPreferences are the user global project reference that are persistent between versions", + "properties": { + "_id": { + "description": "User is the user name.\n", + "type": "string" + }, + "hideGuidedTour": { + "description": "HideGuidedTour indicates that guided tour should be hidden.\n", + "type": "boolean" + }, + "hideProjectDialog": { + "description": "HideProjectsDialog indicates the initial project selection dialog should be hidden.\n", + "type": "boolean" + }, + "waasRulesNotificationDismissed": { + "description": "WaasRulesNotificationDismiss indicates the time the user dismissed the waas added rules top bar.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "types.UserProject": { + "description": "UserProject holds general project properties that are accessible to all users", + "properties": { + "_id": { + "description": "ID is the project id.\n", + "type": "string" + }, + "address": { + "description": "Address is project address.\n", + "type": "string" + }, + "connected": { + "description": "Connected indicates if the project is currently disconnected due to an error.\n", + "type": "boolean" + }, + "creationTime": { + "description": "CreationTime is the project creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnImpactedResources": { + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability", + "properties": { + "_id": { + "description": "ID is the CVE ID (index for the impacted resources).\n", + "type": "string" + }, + "functions": { + "description": "Functions is a map between function id to its details.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "functionsCount": { + "description": "FunctionsCount is the total impacted functions count.\n", + "type": "integer" + }, + "hosts": { + "description": "Hosts is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "hostsCount": { + "description": "HostsCount is the total impacted hosts count.\n", + "type": "integer" + }, + "images": { + "description": "Images is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "imagesCount": { + "description": "ImagesCount is the total impacted images count.\n", + "type": "integer" + }, + "registryImages": { + "description": "RegistryImages is a list of impacted registry images.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "registryImagesCount": { + "description": "RegistryImagesCount is the total impacted registry images count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnSummary": { + "properties": { + "highestCVSSScore": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "vulnFunnel": { + "$ref": "#/components/schemas/vuln.Funnel" + } + }, + "type": "object" + }, + "types.VulnerabilitiesStats": { + "description": "VulnerabilitiesStats are measures the total number of vulnerabilities in a specific images", + "properties": { + "containerCompliance": { + "description": "ContainerCompliance is the sum of all compliance issues for all running containers.\n", + "type": "integer" + }, + "imageCompliance": { + "description": "ImageCompliance is the sum of all compliance issues of all running images.\n", + "type": "integer" + }, + "imageCve": { + "description": "ImageCVE is the sum of cve vulnerabilities of all running images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilityInfo": { + "description": "VulnerabilityInfo holds information about vulnerability used for VulnerabilityExplorer", + "properties": { + "cve": { + "description": "CVE ID.\n", + "type": "string" + }, + "description": { + "description": "Vulnerability description.\n", + "type": "string" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "highestCVSS": { + "description": "HighestCVSS is the highest CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "highestRiskFactors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "highestSeverity": { + "description": "HighestSeverity is the highest severity of the vulnerability.\n", + "type": "string" + }, + "impactedPkgs": { + "description": "Packages impacted by the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "impactedResourceType": { + "$ref": "#/components/schemas/vuln.ResourceType" + }, + "impactedResourcesCnt": { + "description": "Number of resources impacted by this vulnerability.\n", + "type": "integer" + }, + "link": { + "description": "Link to CVE.\n", + "type": "string" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "Risk score.\n", + "format": "float", + "type": "number" + }, + "status": { + "description": "CVE status.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnerabilityStats": { + "description": "VulnerabilityStats holds statistics about vulnerabilities issues", + "properties": { + "_id": { + "description": "ID of the vulnerability stats.\n", + "type": "string" + }, + "containers": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "functions": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "hosts": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "images": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "modified": { + "description": "Date/time when the entity was modified.\n", + "format": "date-time", + "type": "string" + }, + "registryImages": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + } + }, + "type": "object" + }, + "types.VulnerabilitySummary": { + "description": "VulnerabilitySummary represents the stats of each impacted entity", + "properties": { + "containers": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "functions": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "hosts": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "images": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "registryImages": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "types.XSOARAlerts": { + "description": "XSOARAlerts is a list of XSOAR alerts", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uint": { + "type": "integer" + }, + "uint32": { + "type": "integer" + }, + "uint64": { + "type": "integer" + }, + "uint8": { + "type": "integer" + }, + "vuln.AllCompliance": { + "description": "AllCompliance contains data regarding passed compliance checks", + "properties": { + "compliance": { + "description": "Compliance are all the passed compliance checks.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether passed compliance checks is enabled by policy.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Application": { + "description": "Application represents a detected application", + "properties": { + "installedFromPackage": { + "description": "Indicates that the app was installed as an OS package.\n", + "type": "boolean" + }, + "knownVulnerabilities": { + "description": "Total number of vulnerabilities for this application.\n", + "type": "integer" + }, + "layerTime": { + "description": "Image layer to which the application belongs - layer creation time.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the application.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the app origin package.\n", + "type": "string" + }, + "path": { + "description": "Path of the detected application.\n", + "type": "string" + }, + "service": { + "description": "Service indicates whether the application is installed as a service.\n", + "type": "boolean" + }, + "version": { + "description": "Version of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.ComplianceCategory": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + }, + "vuln.ComplianceTemplate": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + }, + "vuln.Condition": { + "description": "Condition are extended options for vulnerability assessment in authorization flows", + "properties": { + "block": { + "description": "Specifies the effect. If true, the effect is block.\n", + "type": "boolean" + }, + "id": { + "description": "Vulnerability ID.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.CustomVulnerabilities": { + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability", + "properties": { + "_id": { + "description": "ID is the custom vulnerabilities feed ID.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the internal custom vulnerabilities feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of custom vulnerabilities rules.\n", + "items": { + "$ref": "#/components/schemas/vuln.CustomVulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "vuln.CustomVulnerability": { + "description": "CustomVulnerability is a user customized vulnerability", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "maxVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "minVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "vuln.Distribution": { + "description": "Distribution counts the number of vulnerabilities per type", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Effect": { + "description": "Effect specifies relevant action for a vulnerability", + "enum": [ + [ + "ignore", + "alert", + "block" + ] + ], + "type": "string" + }, + "vuln.ExpirationDate": { + "description": "ExpirationDate is the vulnerability expiration date", + "properties": { + "date": { + "description": "Date is the vulnerability expiration date.\n", + "format": "date-time", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates that the grace period is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Funnel": { + "description": "Funnel is the vulnerability funnel", + "properties": { + "exploitable": { + "description": ".\n", + "type": "integer" + }, + "packageInUse": { + "description": ".\n", + "type": "integer" + }, + "patchable": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "urgent": { + "description": "Urgent is the number of critical and high CVEs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.ResourceType": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + }, + "vuln.Secret": { + "description": "Secret represents a secret found on the scanned workload", + "properties": { + "locationInFile": { + "description": "LocationInFile is the line and offset in the file where the secret was found.\n", + "type": "string" + }, + "modifiedTime": { + "description": "ModifiedTime is the modification time of the file containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "Path is the path of the file in which the secret was found.\n", + "type": "string" + }, + "secretID": { + "description": "SecretID is the SHA1 of the secret content.\n", + "type": "string" + }, + "snippet": { + "description": "Snippet is the partial plain secret.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.SecretType" + } + }, + "type": "object" + }, + "vuln.SecretType": { + "description": "SecretType represents a secret type", + "enum": [ + [ + "AWS Access Key ID", + "AWS Secret Key", + "AWS MWS Auth Token", + "Azure Storage Account Access Key", + "Azure Service Principal", + "GCP Service Account Auth Key", + "Private Encryption Key", + "Public Encryption Key", + "PEM X509 Certificate Header", + "SSH Authorized Keys", + "Artifactory API Token", + "Artifactory Password", + "Basic Auth Credentials", + "Mailchimp Access Key", + "NPM Token", + "Slack Token", + "Slack Webhook", + "Square OAuth Secret", + "Notion Integration Token", + "Airtable API Key", + "Atlassian Oauth2 Keys", + "CircleCI Personal Token", + "Databricks Authentication Token", + "GitHub Token", + "GitLab Token", + "Google API key", + "Grafana Token", + "Python Package Index Key (PYPI)", + "Typeform API Token", + "Scalr Token", + "Braintree Access Token", + "Braintree Payments Key", + "Paypal Token Key", + "Braintree Payments ID", + "Datadog Client Token", + "ClickUp Personal API Token", + "OpenAI API Key", + "Java DB Connectivity (JDBC)", + "MongoDB", + ".Net SQL Server" + ] + ], + "type": "string" + }, + "vuln.TagInfo": { + "description": "TagInfo is the tag info in a specific vulnerability context", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "comment": { + "description": "Tag comment in a specific vulnerability context.\n", + "type": "string" + }, + "name": { + "description": "Name of the tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.TagType": { + "description": "TagType specifies the resource type for tagging where the vulnerability is found. Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found", + "enum": [ + [ + "image", + "host", + "function", + "" + ] + ], + "type": "string" + }, + "vuln.Vulnerability": { + "description": "Vulnerability is a general schema for vulnerabilities (e.g., for compliance or packages)", + "properties": { + "applicableRules": { + "description": "Rules applied on the package.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary package names (packages which are built from the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "block": { + "description": "Indicates if the vulnerability has a block effect (true) or not (false).\n", + "type": "boolean" + }, + "cause": { + "description": "Additional information regarding the root cause for the vulnerability.\n", + "type": "string" + }, + "cri": { + "description": "Indicates if this is a CRI-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "custom": { + "description": "Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).\n", + "type": "boolean" + }, + "cve": { + "description": "CVE ID of the vulnerability (if applied).\n", + "type": "string" + }, + "cvss": { + "description": "CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description of the vulnerability.\n", + "type": "string" + }, + "discovered": { + "description": "Specifies the time of discovery for the vulnerability.\n", + "format": "date-time", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "Date/time when the vulnerability was fixed (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "fixLink": { + "description": "Link to the vendor's fixed-version information.\n", + "type": "string" + }, + "functionLayer": { + "description": "Specifies the serverless layer ID in which the vulnerability was discovered.\n", + "type": "string" + }, + "gracePeriodDays": { + "description": "Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.\n", + "type": "integer" + }, + "id": { + "description": "ID of the violation.\n", + "type": "integer" + }, + "layerTime": { + "description": "Date/time of the image layer to which the CVE belongs.\n", + "format": "int64", + "type": "integer" + }, + "link": { + "description": "Vendor link to the CVE.\n", + "type": "string" + }, + "packageName": { + "description": "Name of the package that caused the vulnerability.\n", + "type": "string" + }, + "packageType": { + "$ref": "#/components/schemas/packages.Type" + }, + "packageVersion": { + "description": "Version of the package that caused the vulnerability (or null).\n", + "type": "string" + }, + "published": { + "description": "Date/time when the vulnerability was published (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "secret": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "severity": { + "description": "Textual representation of the vulnerability's severity.\n", + "type": "string" + }, + "status": { + "description": "Vendor status for the vulnerability.\n", + "type": "string" + }, + "templates": { + "description": "List of templates with which the vulnerability is associated.\n", + "items": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "type": "array" + }, + "text": { + "description": "Description of the violation.\n", + "type": "string" + }, + "title": { + "description": "Compliance title.\n", + "type": "string" + }, + "twistlock": { + "description": "Indicates if this is a Twistlock-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + }, + "vecStr": { + "description": "Textual representation of the metric values used to score the vulnerability.\n", + "type": "string" + }, + "vulnTagInfos": { + "description": "Tag information for the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/vuln.TagInfo" + }, + "type": "array" + }, + "wildfireMalware": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + } + }, + "type": "object" + }, + "vuln.WildFireMalware": { + "description": "WildFireMalware holds the data for WildFire malicious MD5", + "properties": { + "md5": { + "description": "MD5 is the hash of the malicious binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to malicious binary.\n", + "type": "string" + }, + "verdict": { + "description": "Verdict is the malicious source like grayware, malware and phishing.\n", + "type": "string" + } + }, + "type": "object" + }, + "vulnerability.CPUArch": { + "description": "CPUArch represents the CPU architecture", + "type": "integer" + }, + "vulnerability.CPUArchs": { + "description": "CPUArchs represents list of cpu architectures", + "items": { + "$ref": "#/components/schemas/vulnerability.CPUArch" + }, + "type": "array" + }, + "vulnerability.CVEType": { + "description": "CVEType represents the type of a CVE", + "enum": [ + [ + "python", + "gem", + "nodejs", + "jar", + "package", + "product", + "app", + "go", + "nuget", + "osConditions" + ] + ], + "type": "string" + }, + "vulnerability.Conditions": { + "description": "Conditions represents a list of CVE rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "type": "array" + }, + "vulnerability.CpeIDs": { + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.ExploitData": { + "description": "ExploitData holds information about an exploit", + "properties": { + "kind": { + "$ref": "#/components/schemas/vulnerability.ExploitKind" + }, + "link": { + "description": "Link is a link to information about the exploit.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + } + }, + "type": "object" + }, + "vulnerability.ExploitKind": { + "description": "ExploitKind represents the kind of the exploit", + "enum": [ + [ + "poc", + "in-the-wild" + ] + ], + "type": "string" + }, + "vulnerability.ExploitType": { + "description": "ExploitType represents the source of an exploit", + "enum": [ + [ + "", + "exploit-db", + "exploit-windows", + "cisa-kev" + ] + ], + "type": "string" + }, + "vulnerability.Exploits": { + "description": "Exploits represents the exploits data found for a CVE", + "items": { + "$ref": "#/components/schemas/vulnerability.ExploitData" + }, + "type": "array" + }, + "vulnerability.RHELCpeHashes": { + "description": "RHELCpeHashes represent the CPE hashes associated with a given Red Hat repository", + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.RiskFactor": { + "description": "RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score", + "enum": [ + [ + "Critical severity", + "High severity", + "Medium severity", + "Has fix", + "Remote execution", + "DoS - Low", + "DoS - High", + "Recent vulnerability", + "Exploit exists - in the wild", + "Exploit exists - POC", + "Attack complexity: low", + "Attack vector: network", + "Reachable from the internet", + "Listening ports", + "Container is running as root", + "No mandatory security profile applied", + "Running as privileged container", + "Package in use", + "Sensitive information", + "Root mount", + "Runtime socket", + "Host access" + ] + ], + "type": "string" + }, + "vulnerability.RiskFactors": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RiskFactors maps the existence of vulnerability risk factors", + "type": "object" + }, + "vulnerability.Rules": { + "description": "Rules represents a list of CVE assessment rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Symbols": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Type": { + "description": "Type represents the vulnerability type", + "enum": [ + [ + "container", + "image", + "host_config", + "daemon_config", + "daemon_config_files", + "security_operations", + "k8s_master", + "k8s_worker", + "k8s_federation", + "linux", + "windows", + "istio", + "serverless", + "custom", + "docker_stig", + "openshift_master", + "openshift_worker", + "application_control_linux", + "gke_worker", + "image_malware", + "host_malware", + "aks_worker", + "eks_worker", + "image_secret", + "host_secret" + ] + ], + "type": "string" + }, + "waas.APIChangeDetails": { + "description": "APIChangeDetails contains the details of the API change", + "properties": { + "changeType": { + "$ref": "#/components/schemas/waas.APIChangesType" + }, + "date": { + "description": "Date is the change date.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value the value of the change - if applicable.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangesType": { + "description": "APIChangesType is used to represent the supported API changes types", + "type": "integer" + }, + "waas.APIProtectionStatus": { + "enum": [ + [ + "unprotected", + "monitored", + "protected" + ] + ], + "type": "string" + }, + "waas.APIRequest": { + "description": "APIRequest represents a single API request and its data", + "properties": { + "bodySchema": { + "$ref": "#/components/schemas/waas.BodySchema" + }, + "bodySchemaDiffExceededLimit": { + "description": "BodySchemaDiffExceededLimit is the date that the request body schema exceeded the size limit for finding body schema changes.\n", + "format": "date-time", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the request content type.\n", + "type": "string" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the HTTP method of the API request.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks are the OWASP API Top10 attacks that were found on the API.\n", + "items": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "type": "array" + }, + "path": { + "description": "Path is the path of the API request.\n", + "type": "string" + }, + "protected": { + "description": "Protected indicates that the method+path are protected by WAAS API Protection.\n", + "type": "boolean" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "queryParameters": { + "description": "QueryParameters are the query parameters of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "requestSizeTotal": { + "description": "RequestSizeTotal is the total request body size.\n", + "type": "integer" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseContentType": { + "description": "ResponseContentType is the response content type.\n", + "type": "string" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "responseSizeTotal": { + "description": "ResponseSizeTotal is the total response body size.\n", + "type": "integer" + }, + "sensitiveData": { + "description": "RequestSensitiveData indicated this path may be used with sensitive data attached in request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "servers": { + "description": "Servers are the destination servers (including port and schema) of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sourceIP": { + "description": "SourceIP is the source IP of the API request.\n", + "type": "string" + }, + "statusCodeDistribution": { + "$ref": "#/components/schemas/waas.StatusCodeDistribution" + } + }, + "type": "object" + }, + "waas.APISpec": { + "description": "APISpec is an API specification", + "properties": { + "description": { + "description": "Description of the app.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "endpoints": { + "description": "The app's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Endpoint" + }, + "type": "array" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "paths": { + "description": "Paths of the API's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Path" + }, + "type": "array" + }, + "queryParamFallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.APIStats": { + "description": "APIStats contains the API stats that occurred since the last stats dump", + "properties": { + "actionCounts": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "blockedRequests": { + "description": "BlockedRequests is the number of blocked requests since last dump.\n", + "type": "integer" + }, + "forwardedRequests": { + "description": "ForwardedRequests is the number of forwarded requests since last dump.\n", + "type": "integer" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBodyBytes": { + "description": "InspectedBodyBytes are the total request and response inspected body bytes.\n", + "type": "integer" + }, + "inspectionLimitExceeded": { + "description": "InspectionLimitExceeded is the total number of requests in which the body size exceeds inspection limit.\n", + "type": "integer" + }, + "interstitialPages": { + "description": "InterstitialPages is the number of interstitial pages served.\n", + "type": "integer" + }, + "lastErrs": { + "description": "LastErrs is the last errors that occurred, storing up to 20 errors.\n", + "items": { + "$ref": "#/components/schemas/waas.ReqErrorCtx" + }, + "type": "array" + }, + "maxRequestInspectionDuration": { + "description": "MaxRequestInspectionDuration is the maximum request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "maxResponseSizeBytes": { + "description": "MaxResponseSizeBytes contains the max response size.\n", + "type": "integer" + }, + "parsingErrs": { + "description": "ParsingErrs is a counter of the parsing errors that occurred.\n", + "type": "integer" + }, + "reCAPTCHAs": { + "description": "ReCAPTCHAs is the number of reCAPTCHA pages served.\n", + "type": "integer" + }, + "responseCodeStats": { + "$ref": "#/components/schemas/waas.ResponseCodeStats" + }, + "totalErrs": { + "description": "TotalErrs is a counter of the errors that occurred.\n", + "type": "integer" + }, + "totalForwardedRequestsDuration": { + "description": "TotalForwardedRequestsDuration is the total request duration for forwarded requests.\n", + "format": "int64", + "type": "integer" + }, + "totalRequestInspectionDuration": { + "description": "TotalRequestInspectionDuration is the total request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the number of incoming requests since last dump.\n", + "type": "integer" + }, + "totalResponseSizeBytes": { + "description": "TotalResponsesSizeBytes is the total APIs response size.\n", + "type": "integer" + }, + "totalTimeouts": { + "description": "TotalTimeouts is the number of timed out responses.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AccessControls": { + "description": "AccessControls contains the access controls config (e.g., denied/allowed sources)", + "properties": { + "alert": { + "description": "Alert are the denied sources for which we alert.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allow": { + "description": "Allow are the allowed sources for which we don't alert or prevent.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowMode": { + "description": "AllowMode indicates allowlist (true) or denylist (false) mode.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates if access controls protection is enabled.\n", + "type": "boolean" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "prevent": { + "description": "Prevent are the denied sources.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ActionStats": { + "description": "ActionStats contains the WAAS action stats", + "properties": { + "alert": { + "description": "Alerts is the number of Alert actions.\n", + "type": "integer" + }, + "ban": { + "description": "Bans is the number of Ban actions.\n", + "type": "integer" + }, + "prevent": { + "description": "Prevents is the number of Prevent actions.\n", + "type": "integer" + }, + "reCAPTCHA": { + "description": "ReCAPTCHAs is the number of reCAPTCHA actions.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AgentlessPolicyState": { + "description": "AgentlessPolicyState is the state of the agentless policy", + "properties": { + "deletedRules": { + "description": "DeletedRules are rules that were deleted but their VPC deployments have not been terminated.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + }, + "states": { + "description": "States are the VPC configuration states.\n", + "items": { + "$ref": "#/components/schemas/waas.VPCConfigState" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.AppProtectionStats": { + "description": "AppProtectionStats contains the app protection status statistics", + "properties": { + "protected": { + "description": "Protected indicates the amount of protected WAAS app entities (containers/hosts).\n", + "type": "integer" + }, + "unprotected": { + "description": "Unprotected indicates the amount of unprotected WAAS app entities (containers/hosts).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AppStats": { + "description": "AppStats contains the WAAS app policy statistics", + "properties": { + "accessControl": { + "description": "AccessControl is the total amount of apps with Access Control policy.\n", + "type": "integer" + }, + "bot": { + "description": "Bot is the total amount of apps with Bot Protection policy.\n", + "type": "integer" + }, + "customRulesEnabled": { + "description": "CustomRulesEnabled is the total amount of apps with Custom Rules enabled.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the total amount of apps with DoS Protection policy.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the total amount of apps with WAF policy.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ApplicationSpec": { + "description": "ApplicationSpec is an application of a firewall instance", + "properties": { + "apiSpec": { + "$ref": "#/components/schemas/waas.APISpec" + }, + "appID": { + "description": "Unique ID for the app.\n", + "type": "string" + }, + "attackTools": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "autoApplyPatchesSpec": { + "$ref": "#/components/schemas/waas.AutoApplyPatchesSpec" + }, + "banDurationMinutes": { + "description": "Ban duration, in minutes.\n", + "type": "integer" + }, + "body": { + "$ref": "#/components/schemas/waas.BodyConfig" + }, + "botProtectionSpec": { + "$ref": "#/components/schemas/waas.BotProtectionSpec" + }, + "certificate": { + "$ref": "#/components/schemas/common.Secret" + }, + "clickjackingEnabled": { + "description": "Indicates whether clickjacking protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cmdi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "codeInjection": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "csrfEnabled": { + "description": "Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "customBlockResponse": { + "$ref": "#/components/schemas/waas.CustomBlockResponseConfig" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disableEventIDHeader": { + "description": "Indicates if event ID header should be attached to the response or not.\n", + "type": "boolean" + }, + "dosConfig": { + "$ref": "#/components/schemas/waas.DoSConfig" + }, + "headerSpecs": { + "description": "Configuration for inspecting HTTP headers.\n", + "items": { + "$ref": "#/components/schemas/waas.HeaderSpec" + }, + "type": "array" + }, + "intelGathering": { + "$ref": "#/components/schemas/waas.IntelGatheringConfig" + }, + "lfi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "malformedReq": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "maliciousUpload": { + "$ref": "#/components/schemas/waas.MaliciousUploadConfig" + }, + "networkControls": { + "$ref": "#/components/schemas/waas.NetworkControls" + }, + "remoteHostForwarding": { + "$ref": "#/components/schemas/waas.RemoteHostForwardingConfig" + }, + "responseHeaderSpecs": { + "description": "Configuration for modifying HTTP response headers.\n", + "items": { + "$ref": "#/components/schemas/waas.ResponseHeaderSpec" + }, + "type": "array" + }, + "sessionCookieBan": { + "description": "Indicates if bans in this app are made by session cookie ID (true) or false (not).\n", + "type": "boolean" + }, + "sessionCookieEnabled": { + "description": "Indicates if session cookies are enabled (true) or not (false).\n", + "type": "boolean" + }, + "sessionCookieSameSite": { + "$ref": "#/components/schemas/waas.SameSite" + }, + "sessionCookieSecure": { + "description": "Indicates the Secure attribute of the session cookie.\n", + "type": "boolean" + }, + "shellshock": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "sqli": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "tlsConfig": { + "$ref": "#/components/schemas/waas.TLSConfig" + }, + "xss": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + } + }, + "type": "object" + }, + "waas.AttackType": { + "description": "AttackType is the type of the attack", + "enum": [ + [ + "xss", + "sqli", + "cmdi", + "lfi", + "codeInjection", + "deniedIP", + "deniedCountry", + "header", + "violationsExceeded", + "attackTools", + "shellshock", + "disallowedFile", + "malformedRequest", + "inspectionLimitExceeded", + "informationLeak", + "unexpectedAPI", + "dos", + "searchEngineCrawler", + "businessAnalyticsBot", + "educationalBot", + "newsBot", + "financialBot", + "contentFeedClient", + "archivingBot", + "careerSearchBot", + "mediaSearchBot", + "genericBot", + "webAutomationTool", + "webScraper", + "apiLibrary", + "httpLibrary", + "sessionValidation", + "javascriptTimeout", + "missingCookie", + "browserImpersonation", + "botImpersonation", + "requestAnomalies", + "userDefinedBot", + "recaptchaRequired", + "recaptchaVerificationFailed", + "customRule", + "publicSensitiveDataWithoutAuthentication", + "publicSensitiveDataWithoutEncryption" + ] + ], + "type": "string" + }, + "waas.AttackTypeStats": { + "description": "AttackTypeStats are the WAAS attack type stats", + "properties": { + "accessControl": { + "description": "AccessControl is the count of access control attacks.\n", + "type": "integer" + }, + "apiProtection": { + "description": "APIProtection is the count of API Protection attacks.\n", + "type": "integer" + }, + "attackTools": { + "description": "AttackTools is the count of attack tool attacks.\n", + "type": "integer" + }, + "bots": { + "description": "Bots is the count of Bot attacks.\n", + "type": "integer" + }, + "cmdInjection": { + "description": "CMDInjection is the count of command injection attacks.\n", + "type": "integer" + }, + "codeInjection": { + "description": "CodeInjection is the count of code injection attacks.\n", + "type": "integer" + }, + "customRules": { + "description": "CustomRules is the count of attacks detected by custom rules.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the count of DoS attacks.\n", + "type": "integer" + }, + "lfi": { + "description": "LFI is the count of local file injection attacks.\n", + "type": "integer" + }, + "sqlInjection": { + "description": "SQLInjection is the count of SQL injection attacks.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the count of WAF protection attacks.\n", + "type": "integer" + }, + "xss": { + "description": "XSS is the count of XSS attacks.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AutoApplyPatchesSpec": { + "description": "AutoApplyPatchesSpec is the configuration for automation apply patches protection", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.BodyConfig": { + "description": "BodyConfig represents app configuration related to HTTP Body", + "properties": { + "inspectionLimitExceededEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "inspectionSizeBytes": { + "description": "InspectionSizeBytes represents the max amount of data to inspect in request body.\n", + "type": "integer" + }, + "skip": { + "description": "Skip indicates that body inspection should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.BodySchema": { + "description": "BodySchema is the request's body schema", + "properties": { + "contentType": { + "description": "ContentType is the content type the schema represents.\n", + "type": "string" + }, + "head": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + } + }, + "type": "object" + }, + "waas.BodySchemaChildren": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + }, + "description": "BodySchemaChildren represents a set of body schema children, uniquely identified by the body field's name", + "type": "object" + }, + "waas.BodySchemaNode": { + "description": "BodySchemaNode represents a single body schema node", + "properties": { + "children": { + "$ref": "#/components/schemas/waas.BodySchemaChildren" + }, + "name": { + "description": "Name is the body schema item name (key for json, tag name for xml).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.BotProtectionSpec": { + "description": "BotProtectionSpec is the bot protections spec", + "properties": { + "interstitialPage": { + "description": "Indicates if an interstitial page is served (true) or not (false).\n", + "type": "boolean" + }, + "jsInjectionSpec": { + "$ref": "#/components/schemas/waas.JSInjectionSpec" + }, + "knownBotProtectionsSpec": { + "$ref": "#/components/schemas/waas.KnownBotProtectionsSpec" + }, + "reCAPTCHASpec": { + "$ref": "#/components/schemas/waas.ReCAPTCHASpec" + }, + "sessionValidation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "unknownBotProtectionSpec": { + "$ref": "#/components/schemas/waas.UnknownBotProtectionSpec" + }, + "userDefinedBots": { + "description": "Effects to perform when user-defined bots are detected.\n", + "items": { + "$ref": "#/components/schemas/waas.UserDefinedBot" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.CertificateMeta": { + "description": "CertificateMeta is the certificate metadata", + "properties": { + "issuerName": { + "description": "IssuerName is the certificate issuer common name.\n", + "type": "string" + }, + "notAfter": { + "description": "NotAfter is the time the certificate is not valid (expiry time).\n", + "format": "date-time", + "type": "string" + }, + "subjectName": { + "description": "SubjectName is the certificate subject common name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ClientType": { + "description": "ClientType is an HTTP client type", + "enum": [ + [ + "browser", + "mobile", + "httpLib", + "apiLib" + ] + ], + "type": "string" + }, + "waas.CustomBlockResponseConfig": { + "description": "CustomBlockResponseConfig is a custom block message config for a policy", + "properties": { + "body": { + "description": "Custom HTML for the block response.\n", + "type": "string" + }, + "code": { + "description": "Custom HTTP response code for the block response.\n", + "type": "integer" + }, + "enabled": { + "description": "Indicates if the custom block response is enabled (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.CustomReCAPTCHAPageSpec": { + "description": "CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec", + "properties": { + "body": { + "description": "Custom HTML for the reCAPTCHA page.\n", + "type": "string" + }, + "enabled": { + "description": "Indicates if the custom reCAPTCHA page is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DailyStats": { + "description": "DailyStats represents the WAAS daily stats", + "properties": { + "_id": { + "description": "Date is date that the daily stats are relevant to.\n", + "type": "string" + }, + "actionStats": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBytes": { + "description": "InspectedBytes is total amount body bytes inspected by WAAS.\n", + "type": "integer" + }, + "policyChangeCount": { + "description": "PolicyChangeCount is the amount of policy changes for this day.\n", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the total request count.\n", + "type": "integer" + }, + "unprotectedAppsVulnStats": { + "$ref": "#/components/schemas/waas.UnprotectedAppsVulnStats" + } + }, + "type": "object" + }, + "waas.Dashboard": { + "description": "Dashboard contains the data of the WAAS Dashboard", + "properties": { + "appProtectionStats": { + "$ref": "#/components/schemas/waas.AppProtectionStats" + }, + "dailyStats": { + "description": "DailyStats are the WAAS daily stats.\n", + "items": { + "$ref": "#/components/schemas/waas.DailyStats" + }, + "type": "array" + }, + "insights": { + "description": "Insights are the current WAAS insights.\n", + "items": { + "$ref": "#/components/schemas/waas.Insight" + }, + "type": "array" + }, + "policyStats": { + "$ref": "#/components/schemas/waas.PolicyStats" + } + }, + "type": "object" + }, + "waas.DiscoveredAPI": { + "description": "DiscoveredAPI represents a single discovered API path+method information's", + "properties": { + "appID": { + "description": "AppID is the app ID.\n", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host seen for this API.\n", + "type": "string" + }, + "image": { + "description": "Image is the image names seen for this API.\n", + "type": "string" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the API method.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks indicates whether OWASP API Top-10 attacks were found on the API.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the API path.\n", + "type": "string" + }, + "protectionStatus": { + "$ref": "#/components/schemas/waas.APIProtectionStatus" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "type": "boolean" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "RiskScore is the sum of all risk factors (used for sorting and filter by risk factors).\n", + "type": "integer" + }, + "ruleID": { + "description": "RuleID is the rule ID.\n", + "type": "string" + }, + "sensitiveData": { + "description": "SensitiveData indicated this path may be used with sensitive data attached in request.\n", + "type": "boolean" + }, + "servers": { + "description": "Servers are the servers seen for this API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "waas.DoSConfig": { + "description": "DoSConfig is a dos policy specification", + "properties": { + "alert": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "ban": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "enabled": { + "description": "Enabled indicates if dos protection is enabled.\n", + "type": "boolean" + }, + "excludedNetworkLists": { + "description": "Network IPs to exclude from DoS tracking.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "matchConditions": { + "description": "Conditions on which to match to track a request. The conditions are \\\"OR\\\"'d together during the check.\n", + "items": { + "$ref": "#/components/schemas/waas.DoSMatchCondition" + }, + "type": "array" + }, + "trackSession": { + "description": "Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DoSMatchCondition": { + "description": "DoSMatchCondition is used for matching a request for tracking", + "properties": { + "fileTypes": { + "description": "File types for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "methods": { + "description": "HTTP methods for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseCodeRanges": { + "description": "Response codes for the request's response matching.\n", + "items": { + "$ref": "#/components/schemas/waas.StatusCodeRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.DoSRates": { + "description": "DoSRates specifies dos requests rates (thresholds)", + "properties": { + "average": { + "description": "Average request rate (requests / second).\n", + "type": "integer" + }, + "burst": { + "description": "Burst request rate (requests / second).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Effect": { + "description": "Effect is the effect that will be used in the rule", + "enum": [ + [ + "ban", + "prevent", + "alert", + "allow", + "disable", + "reCAPTCHA" + ] + ], + "type": "string" + }, + "waas.Endpoint": { + "description": "Endpoint is an application endpoint", + "properties": { + "basePath": { + "description": "Base path for the endpoint.\n", + "type": "string" + }, + "exposedPort": { + "description": "Exposed port that the proxy is listening on.\n", + "type": "integer" + }, + "grpc": { + "description": "Indicates if the proxy supports gRPC (true) or not (false).\n", + "type": "boolean" + }, + "host": { + "description": "URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).\n", + "type": "string" + }, + "http2": { + "description": "Indicates if the proxy supports HTTP/2 (true) or not (false).\n", + "type": "boolean" + }, + "internalPort": { + "description": "Internal port that the application is listening on.\n", + "type": "integer" + }, + "tls": { + "description": "Indicates if the connection is secured (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionField": { + "description": "ExceptionField is used to perform the protection exception fields", + "properties": { + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionLocation": { + "description": "ExceptionLocation indicates exception http field location", + "enum": [ + [ + "path", + "query", + "queryValues", + "cookie", + "UserAgentHeader", + "header", + "body", + "rawBody", + "XMLPath", + "JSONPath" + ] + ], + "type": "string" + }, + "waas.FeatureExceptions": { + "description": "FeatureExceptions represents subnets that should bypass WAAS features", + "properties": { + "subnets": { + "description": "Subnets are network lists for which requests bypass WAAS features.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.FileType": { + "description": "FileType is the type of an uploaded file", + "enum": [ + [ + "pdf", + "officeLegacy", + "officeOoxml", + "odf", + "jpeg", + "png", + "gif", + "bmp", + "ico", + "avi", + "mp4", + "aac", + "mp3", + "wav", + "zip", + "gzip", + "rar", + "7zip" + ] + ], + "type": "string" + }, + "waas.FirewallType": { + "description": "FirewallType represents the firewall type", + "enum": [ + [ + "host-proxy", + "host-out-of-band", + "container-proxy", + "container-out-of-band", + "app-embedded", + "agentless", + "REST" + ] + ], + "type": "string" + }, + "waas.GeoData": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.TrafficStats" + }, + "description": "GeoData are the per-country traffic stats", + "type": "object" + }, + "waas.HSTSConfig": { + "description": "HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header\nsee: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "properties": { + "enabled": { + "description": "Enabled indicates if HSTS enforcement is enabled.\n", + "type": "boolean" + }, + "includeSubdomains": { + "description": "IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.\n", + "type": "boolean" + }, + "maxAgeSeconds": { + "description": "maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.\n", + "type": "integer" + }, + "preload": { + "description": "Preload indicates if it should support preload.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.HTTPField": { + "description": "HTTPField is used to perform checks on flags and fields", + "properties": { + "key": { + "description": "Key is the key of the field, if exists (e.g. header and cookie).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.HTTPFieldType" + }, + "value": { + "description": "Value is the value of the field, if exists.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.HTTPFieldType": { + "description": "HTTPFieldType indicates type of http field", + "enum": [ + [ + "method", + "xmlBody", + "jsonBody", + "formBody", + "multipartBody", + "rawBody", + "rawBodyResponse", + "protobufBody", + "query", + "queryParamName", + "cookie", + "header", + "url" + ] + ], + "type": "string" + }, + "waas.HeaderSpec": { + "description": "HeaderSpec is specification for a single header and its allowed or blocked values", + "properties": { + "allow": { + "description": "Indicates if the flow is to be allowed (true) or blocked (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "name": { + "description": "Header name.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the header must be present (true) or not (false).\n", + "type": "boolean" + }, + "values": { + "description": "Wildcard expressions that represent the header value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Insight": { + "description": "Insight represents an insight on the dashboard", + "properties": { + "message": { + "description": "Message is the display message of the insight.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.InsightType" + } + }, + "type": "object" + }, + "waas.InsightType": { + "description": "InsightType is the insight type", + "enum": [ + [ + "vulnerableUnprotectedApps", + "expiredCertificate", + "upcomingCertificateExpiry", + "noAPIProtection" + ] + ], + "type": "string" + }, + "waas.IntelGatheringConfig": { + "description": "IntelGatheringConfig is the configuration for intelligence gathering protections", + "properties": { + "infoLeakageEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "removeFingerprintsEnabled": { + "description": "Indicates if server fingerprints should be removed (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.JSInjectionSpec": { + "description": "JSInjectionSpec is the js injection protection spec", + "properties": { + "enabled": { + "description": "Indicates if JavaScript injection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "timeoutEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.KnownBotProtectionsSpec": { + "description": "KnownBotProtectionsSpec is the known bot protections spec", + "properties": { + "archiving": { + "$ref": "#/components/schemas/waas.Effect" + }, + "businessAnalytics": { + "$ref": "#/components/schemas/waas.Effect" + }, + "careerSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "contentFeedClients": { + "$ref": "#/components/schemas/waas.Effect" + }, + "educational": { + "$ref": "#/components/schemas/waas.Effect" + }, + "financial": { + "$ref": "#/components/schemas/waas.Effect" + }, + "mediaSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "news": { + "$ref": "#/components/schemas/waas.Effect" + }, + "searchEngineCrawlers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.MaliciousUploadConfig": { + "description": "MaliciousUploadConfig is the configuration for file upload protection", + "properties": { + "allowedExtensions": { + "description": "Allowed file extensions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowedFileTypes": { + "description": "Allowed file types.\n", + "items": { + "$ref": "#/components/schemas/waas.FileType" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.Method": { + "description": "Method is a method information", + "properties": { + "method": { + "description": "Type of HTTP request (e.g., PUT, GET, etc.).\n", + "type": "string" + }, + "parameters": { + "description": "Parameters that are part of the HTTP request.\n", + "items": { + "$ref": "#/components/schemas/waas.Param" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.MinTLSVersion": { + "description": "MinTLSVersion is the list of acceptable TLS versions", + "enum": [ + [ + "1.0", + "1.1", + "1.2", + "1.3" + ] + ], + "type": "string" + }, + "waas.MonitoringStats": { + "description": "MonitoringStats are the waas per-profile monitoring stats", + "properties": { + "aggregationStart": { + "description": "AggregationStart indicates when stats aggregation started.\n", + "format": "date-time", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "lastUpdate": { + "description": "LastUpdate indicates when the stats were last updated.\n", + "format": "date-time", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID.\n", + "type": "string" + }, + "stats": { + "$ref": "#/components/schemas/waas.APIStats" + } + }, + "type": "object" + }, + "waas.NetworkControls": { + "description": "NetworkControls contains the network controls config (e.g., access controls for IPs and countries)", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "countries": { + "$ref": "#/components/schemas/waas.AccessControls" + }, + "exceptionSubnets": { + "description": "Network lists for which requests completely bypass WAAS checks and protections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "networkControlsExceptionSubnets": { + "$ref": "#/components/schemas/waas.FeatureExceptions" + }, + "subnets": { + "$ref": "#/components/schemas/waas.AccessControls" + } + }, + "type": "object" + }, + "waas.NetworkList": { + "description": "NetworkList represent network list of IP/CIDR in waas", + "properties": { + "_id": { + "description": "Unique ID.\n", + "type": "string" + }, + "description": { + "description": "Description of the network list.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "subnets": { + "description": "List of the IPv4 addresses and IP CIDR blocks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.OWASPAPITop10": { + "description": "OWASPAPITop10 represents OWASP API top 10 attacks", + "enum": [ + [ + "excessiveDataExposure", + "lackOfResources&RateLimiting", + "brokenFunctionLevelAuthorization", + "securityMisconfiguration", + "injection" + ] + ], + "type": "string" + }, + "waas.OWASPTop10": { + "description": "OWASPTop10 represents OWASP top 10 attacks", + "enum": [ + [ + "brokenAccessControl", + "cryptographicFailures", + "injection", + "insecureDesign" + ] + ], + "type": "string" + }, + "waas.OpenAPIScan": { + "description": "OpenAPIScan represents the OpenAPI file scan", + "properties": { + "_id": { + "description": "ID is the scan identifier.\n", + "type": "string" + }, + "issueResults": { + "description": "IssueResults are the scanned issues results.\n", + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueResult" + }, + "type": "array" + }, + "scanInfo": { + "$ref": "#/components/schemas/waas.OpenAPIScanInfo" + }, + "scanStartTime": { + "description": "ScanStartTime is the scan started.\n", + "format": "date-time", + "type": "string" + }, + "severityDistribution": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssuesSeverityDistribution" + }, + "specInfo": { + "$ref": "#/components/schemas/waas.OpenAPISpecInfo" + } + }, + "type": "object" + }, + "waas.OpenAPIScanInfo": { + "description": "OpenAPIScanInfo is the OpenAPI scan info", + "properties": { + "appID": { + "description": "AppID is the WAAS app id the file was imported from.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "ruleID": { + "description": "RuleID is the WAAS rule id the file was imported from.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/waas.OpenAPIScanSource" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueMetadata": { + "description": "OpenAPIScanIssueMetadata represents the static metadata of an API definition issue\nFields reflect the KICS metadata,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json", + "properties": { + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueResult": { + "description": "OpenAPIScanIssueResult represents a specific issue result in the OpenAPI spec file\nFields reflect the KICS rego queries result,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/query.rego", + "properties": { + "_id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "searchKey": { + "description": "SearchKey is the issue location in the spec file.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueSeverity": { + "description": "OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity", + "enum": [ + [ + "INFO", + "LOW", + "MEDIUM", + "HIGH" + ] + ], + "type": "string" + }, + "waas.OpenAPIScanIssueStatus": { + "description": "OpenAPIScanIssueStatus represents an OpenAPI file issue status", + "properties": { + "id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssuesSeverityDistribution": { + "description": "OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type", + "properties": { + "high": { + "description": "High is the high severity issues count.\n", + "type": "integer" + }, + "info": { + "description": "Info is the info severity issues count.\n", + "type": "integer" + }, + "low": { + "description": "Low is the low severity issues count.\n", + "type": "integer" + }, + "medium": { + "description": "Medium is the medium severity issues count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.OpenAPIScanSource": { + "description": "OpenAPIScanSource is the scan trigger source", + "enum": [ + [ + "app", + "cli", + "manual" + ] + ], + "type": "string" + }, + "waas.OpenAPISpecInfo": { + "description": "OpenAPISpecInfo is the OpenAPI spec info", + "properties": { + "content": { + "description": "Content is the OpenAPI spec content.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the OpenAPI spec file content type.\n", + "type": "string" + }, + "fileName": { + "description": "FileName is the OpenAPI spec file name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OutOfBandMode": { + "description": "OutOfBandMode holds the app firewall out-of-band mode", + "enum": [ + [ + "", + "Observation", + "Protection" + ] + ], + "type": "string" + }, + "waas.OutOfBandRuleScope": { + "description": "OutOfBandRuleScope represents the Out-of-Band Rule Scope", + "enum": [ + [ + "container", + "host", + "" + ] + ], + "type": "string" + }, + "waas.Param": { + "description": "Param contains a parameter information", + "properties": { + "allowEmptyValue": { + "description": "Indicates if an empty value is allowed (true) or not (false).\n", + "type": "boolean" + }, + "array": { + "description": "Indicates if multiple values of the specified type are allowed (true) or not (false).\n", + "type": "boolean" + }, + "explode": { + "description": "Indicates if arrays should generate separate parameters for each array item or object property.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ParamLocation" + }, + "max": { + "description": "Maximum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "min": { + "description": "Minimum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "name": { + "description": "Name of the parameter.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the parameter is required (true) or not (false).\n", + "type": "boolean" + }, + "style": { + "$ref": "#/components/schemas/waas.ParamStyle" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.ParamLocation": { + "description": "ParamLocation is the location of a parameter", + "enum": [ + [ + "path", + "query", + "cookie", + "header", + "body", + "json", + "xml", + "formData", + "multipart" + ] + ], + "type": "string" + }, + "waas.ParamStyle": { + "description": "ParamStyle is a param format style, defined by OpenAPI specification\nIt describes how the parameter value will be serialized depending on the type of the parameter value.\nRef: https://swagger.io/docs/specification/serialization/\nhttps://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples", + "enum": [ + [ + "simple", + "spaceDelimited", + "tabDelimited", + "pipeDelimited", + "form", + "matrix", + "label" + ] + ], + "type": "string" + }, + "waas.ParamType": { + "description": "ParamType is the type of a parameter, defined by OpenAPI specification\nRef: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types", + "enum": [ + [ + "integer", + "number", + "string", + "boolean", + "array", + "object" + ] + ], + "type": "string" + }, + "waas.Path": { + "description": "Path is an API path information", + "properties": { + "methods": { + "description": "Supported operations for the path (e.g., PUT, GET, etc.).\n", + "items": { + "$ref": "#/components/schemas/waas.Method" + }, + "type": "array" + }, + "path": { + "description": "Relative path to an endpoint such as \\\"/pet/{petId}\\\".\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.Policy": { + "description": "Policy represents the policy", + "properties": { + "_id": { + "description": "Unique internal ID.\n", + "type": "string" + }, + "maxPort": { + "description": "Maximum port number to use in the application firewall.\n", + "type": "integer" + }, + "minPort": { + "description": "Minimum port number to use in the application firewall.\n", + "type": "integer" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.PolicyStats": { + "description": "PolicyStats contains the WAAS policy statistics", + "properties": { + "appStats": { + "$ref": "#/components/schemas/waas.AppStats" + }, + "apps": { + "description": "Apps is the total amount of apps in the WAAS policies.\n", + "type": "integer" + }, + "rules": { + "description": "Rules is the total amount of rules in the WAAS policies.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Protection": { + "description": "Protection is the type of protection", + "enum": [ + [ + "firewall", + "dos", + "bot", + "custom", + "accessControl" + ] + ], + "type": "string" + }, + "waas.ProtectionConfig": { + "description": "ProtectionConfig represents a WAAS protection config", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "exceptionFields": { + "description": "Exceptions.\n", + "items": { + "$ref": "#/components/schemas/waas.ExceptionField" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ProtectionStatus": { + "description": "ProtectionStatus describes the status of the WAAS protection", + "properties": { + "enabled": { + "description": "Enabled indicates if WAAS proxy protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "outOfBandMode": { + "$ref": "#/components/schemas/waas.OutOfBandMode" + }, + "ports": { + "description": "Ports indicates http open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "supported": { + "description": "Supported indicates if WAAS protection is supported (true) or not (false).\n", + "type": "boolean" + }, + "tlsPorts": { + "description": "TLSPorts indicates https open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ReCAPTCHASpec": { + "description": "ReCAPTCHASpec is the reCAPTCHA spec", + "properties": { + "allSessions": { + "description": "Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).\n", + "type": "boolean" + }, + "customPageSpec": { + "$ref": "#/components/schemas/waas.CustomReCAPTCHAPageSpec" + }, + "enabled": { + "description": "Indicates if reCAPTCHA integration is enabled (true) or not (false).\n", + "type": "boolean" + }, + "secretKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "siteKey": { + "description": "ReCAPTCHA site key to use when invoking the reCAPTCHA service.\n", + "type": "string" + }, + "successExpirationHours": { + "description": "Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.ReCAPTCHAType" + } + }, + "type": "object" + }, + "waas.ReCAPTCHAType": { + "description": "ReCAPTCHAType is the reCAPTCHA configured type", + "enum": [ + [ + "checkbox", + "invisible" + ] + ], + "type": "string" + }, + "waas.RemoteHostForwardingConfig": { + "description": "RemoteHostForwardingConfig defines a remote host to forward requests to", + "properties": { + "enabled": { + "description": "Indicates if remote host forwarding is enabled (true) or not (false).\n", + "type": "boolean" + }, + "target": { + "description": "Remote host to forward requests to.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ReqErrorCtx": { + "description": "ReqErrorCtx is the request error context", + "properties": { + "defender": { + "description": "Defender is the defender name from which the error originated.\n", + "type": "string" + }, + "err": { + "description": "Err is the API error.\n", + "type": "string" + }, + "requestInspectionDuration": { + "description": "RequestInspectionDuration is the request inspection handling time by the WAAS plugins (time spent in WAAS before forwarding the request and handling the response).\n", + "format": "int64", + "type": "integer" + }, + "requestStart": { + "description": "RequestStart is the request start time.\n", + "format": "date-time", + "type": "string" + }, + "route": { + "description": "Route is the API route.\n", + "type": "string" + }, + "serveDuration": { + "description": "ServeDuration is the total request handling time including forwarding and response until the error.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "waas.RequestAnomalies": { + "description": "RequestAnomalies is the request anomalies spec", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "threshold": { + "$ref": "#/components/schemas/waas.RequestAnomalyThreshold" + } + }, + "type": "object" + }, + "waas.RequestAnomalyThreshold": { + "description": "RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered", + "enum": [ + [ + "3", + "6", + "9" + ] + ], + "type": "integer" + }, + "waas.ResponseCodeStats": { + "description": "ResponseCodeStats holds counts of different response types\nCategories taken from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status", + "properties": { + "clientErrors": { + "description": "ClientErrors are the codes in the 400-499 range.\n", + "type": "integer" + }, + "informational": { + "description": "Informational are the codes in the 100-199 range.\n", + "type": "integer" + }, + "redirects": { + "description": "Redirects are the codes in the 300-399 range.\n", + "type": "integer" + }, + "serverErrors": { + "description": "ServerErrors are the codes in the 500-599 range.\n", + "type": "integer" + }, + "successful": { + "description": "Successful are the codes in the 200-299 range.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ResponseHeaderSpec": { + "description": "ResponseHeaderSpec is specification for a single response header to modify", + "properties": { + "name": { + "description": "Header name (will be canonicalized when possible).\n", + "type": "string" + }, + "override": { + "description": "Indicates whether to override existing values (true) or add to them (false).\n", + "type": "boolean" + }, + "values": { + "description": "New header values.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Rule": { + "description": "Rule represents a single rule that is associated with an app firewall", + "properties": { + "allowMalformedHttpHeaderNames": { + "description": "AllowMalformedHTTPHeaderNames indicates if validation of http request header names should allow non-compliant characters.\n", + "type": "boolean" + }, + "applicationsSpec": { + "description": "List of API specifications in the rule.\n", + "items": { + "$ref": "#/components/schemas/waas.ApplicationSpec" + }, + "type": "array" + }, + "autoProtectPorts": { + "description": "AutoProtectPorts indicates if http ports should be automatically detected and protected.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "outOfBandScope": { + "$ref": "#/components/schemas/waas.OutOfBandRuleScope" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readTimeoutSeconds": { + "description": "ReadTimeout is the timeout of request reads in seconds, when no value is specified (0) the timeout is 5 seconds.\n", + "type": "integer" + }, + "skipAPILearning": { + "description": "SkipAPILearning indicates if API discovery is to be skipped (true) or not (false).\n", + "type": "boolean" + }, + "trafficMirroring": { + "$ref": "#/components/schemas/waas.TrafficMirroringConfig" + }, + "windows": { + "description": "Indicates whether the operating system of the app is windows, default is Linux.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SameSite": { + "description": "SameSite allows a server to define a cookie attribute making it impossible for\nthe browser to send this cookie along with cross-site requests. The main\ngoal is to mitigate the risk of cross-origin information leakage, and provide\nsome protection against cross-site request forgery attacks.\n\nSee https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details", + "enum": [ + [ + "Lax", + "Strict", + "None" + ] + ], + "type": "string" + }, + "waas.SensitiveDataSpec": { + "description": "SensitiveDataSpec defined a single sensitive data specification", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "sensitiveData": { + "description": "SensitiveData indicates this spec is used for marking APIs as using sensitive data for API discovery.\n", + "type": "boolean" + }, + "skipLogScrubbing": { + "description": "SkipLogScrubbing indicates this spec is not used for log scrubbing.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SensitiveDataSpecs": { + "description": "SensitiveDataSpecs is the sensitive data specifications", + "items": { + "$ref": "#/components/schemas/waas.SensitiveDataSpec" + }, + "type": "array" + }, + "waas.SizeRangeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeRange": { + "description": "StatusCodeRange represents a status code range", + "properties": { + "end": { + "description": "End of the range. Can be omitted if using a single status code.\n", + "type": "integer" + }, + "start": { + "description": "Start of the range. Can also be used for a single, non-range value.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.TLSConfig": { + "description": "TLSConfig holds the user TLS configuration and the certificate data", + "properties": { + "HSTSConfig": { + "$ref": "#/components/schemas/waas.HSTSConfig" + }, + "metadata": { + "$ref": "#/components/schemas/waas.CertificateMeta" + }, + "minTLSVersion": { + "$ref": "#/components/schemas/waas.MinTLSVersion" + } + }, + "type": "object" + }, + "waas.TrafficMirroringConfig": { + "description": "TrafficMirroringConfig is the traffic mirroring configuration", + "properties": { + "enabled": { + "description": "TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC\nEnabled indicates if traffic mirroring is enabled.\n", + "type": "boolean" + }, + "sampling": { + "description": "Sampling indicates if this is a sampling VPC.\n", + "type": "boolean" + }, + "vpcConfig": { + "$ref": "#/components/schemas/waas.VPCConfig" + } + }, + "type": "object" + }, + "waas.TrafficStats": { + "description": "TrafficStats are traffic stats", + "properties": { + "attacks": { + "description": ".\n", + "type": "integer" + }, + "requests": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnknownBotProtectionSpec": { + "description": "UnknownBotProtectionSpec is the unknown bot protection spec", + "properties": { + "apiLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "botImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "browserImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "generic": { + "$ref": "#/components/schemas/waas.Effect" + }, + "httpLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "requestAnomalies": { + "$ref": "#/components/schemas/waas.RequestAnomalies" + }, + "webAutomationTools": { + "$ref": "#/components/schemas/waas.Effect" + }, + "webScrapers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.UnprotectedAppsVulnStats": { + "description": "UnprotectedAppsVulnStats contains vulnerability statistics of unprotected web apps", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "none": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnprotectedContainersWebApps": { + "description": "UnprotectedContainersWebApps contains the result of scanning unprotected containers summary", + "properties": { + "_id": { + "description": "Image is the image name.\n", + "type": "string" + }, + "count": { + "description": "Count is the sum of containers using this image.\n", + "type": "integer" + }, + "ports": { + "description": "Ports is the open http ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "tlsPorts": { + "description": "TLSPorts is the open https ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedHostsWebApps": { + "description": "UnprotectedHostsWebApps contains the result of scanning unprotected hosts summary", + "properties": { + "hostname": { + "description": "Hostname is the host name.\n", + "type": "string" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses is processes that uses HTTP/HTTPs but are unprotected by WAAS.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedProcess": { + "description": "UnprotectedProcess holds unprotected processes alongside the port", + "properties": { + "port": { + "description": "Port is the process port.\n", + "type": "integer" + }, + "process": { + "description": "Process is the process name.\n", + "type": "string" + }, + "tls": { + "description": "TLS is the port TLS indication.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.UserDefinedBot": { + "description": "UserDefinedBot indicates a user-defined bot and its effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "headerName": { + "description": "Header name which defines the bot.\n", + "type": "string" + }, + "headerValues": { + "description": "Header values corresponding to the header name. Can contain wildcards.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name of the bot.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets where the bot originates. Specify using network lists.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.VPCConfig": { + "description": "VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)", + "properties": { + "autoScalingEnabled": { + "description": "AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.\n", + "type": "boolean" + }, + "autoScalingMaxInstances": { + "description": "AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.\n", + "type": "integer" + }, + "configID": { + "description": "ConfigID is a unique ID for the configuration.\n", + "type": "string" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "instanceNames": { + "description": "InstanceNames are the names of the instances to mirror (can be wildcard).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the defender instance.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the ports to mirror.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "region": { + "description": "Region is the AWS region the mirrored VMs are located in.\n", + "type": "string" + }, + "subnetID": { + "description": "SubnetID is the ID of the subnet the defender will be deployed in.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags to filter for instances to mirror in Key:Value format or \"*\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vpcID": { + "description": "VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigMirroredVM": { + "description": "VPCConfigMirroredVM is a VM mirrored by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the VM ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the VM name.\n", + "type": "string" + }, + "networkInterfaceID": { + "description": "NetworkInterfaceID is the network interface ID for the VM.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigResource": { + "description": "VPCConfigResource is a resource created by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "type": { + "description": "Type is the resource type.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigState": { + "description": "VPCConfigState is the state of a VPC configuration\nThis includes only the state needed by the frontend\nbson bindings do not omit empty as the structure is updated using upsert and fields may need to be set to empty value", + "properties": { + "configID": { + "description": "ConfigID is the ID of the VPC configuration.\n", + "type": "string" + }, + "error": { + "description": "Error is the error received during deployment (on failure).\n", + "type": "string" + }, + "lastUpdate": { + "description": "LastUpdate is the time when the deployment was last updated.\n", + "format": "date-time", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/waas.VPCConfigStatus" + } + }, + "type": "object" + }, + "waas.VPCConfigStatus": { + "description": "VPCConfigStatus is the status of a VPC configuration deployment", + "enum": [ + [ + "inProcess", + "error", + "ready", + "deletionInProgress", + "deleteError", + "deleted" + ] + ], + "type": "string" + }, + "waas.WebAppsDiscoverySettings": { + "description": "WebAppsDiscoverySettings is the web apps discovery settings", + "properties": { + "disabled": { + "description": "Disabled indicates whether web apps discovery is disabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "wildfire.Usage": { + "description": "Usage holds wildfire usage stats, period for the usage varies with context", + "properties": { + "bytes": { + "description": "Bytes is the total number of bytes uploaded to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "queries": { + "description": "Queries is the number of queries to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "uploads": { + "description": "Uploads is the number of uploads to the WildFire API.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "info": { + "title": "Prisma Cloud Compute API", + "version": "32.06.110", + "description": { + "$ref": "desc/intro.md" + } + }, + "openapi": "3.0.3", + "paths": { + "/api/v1/certs/ca.pem": { + "get": { + "description": { + "$ref": "desc/certs/capem_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-certs-ca.pem", + "summary": "Get CA PEM Certificate File" + } + }, + "/api/v1/certs/server-certs.sh": { + "get": { + "description": { + "$ref": "desc/certs/server-certs_get.md" + }, + "parameters": [ + { + "description": "OS is the target os.\n", + "in": "query", + "name": "os", + "schema": { + "type": "string" + } + }, + { + "description": "IPs is the list of addresses for which the certificates are generated.\n", + "in": "query", + "name": "ip", + "schema": { + "type": "string" + } + }, + { + "description": "Hostname is the target defender hostname.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-certs-server-certs.sh", + "summary": "Get Server Certificates" + } + }, + "/api/v1/registry/webhook/webhook": { + "delete": { + "description": { + "$ref": "desc/registry/webhook_webhook_delete.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "delete-registry-webhook-webhook", + "summary": "Delete a Registry Webhook" + }, + "post": { + "description": { + "$ref": "desc/registry/webhook_webhook_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.RegistryWebhookRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-registry-webhook-webhook", + "summary": "Registry Webhook" + } + }, + "/api/v1/util/prisma-cloud-jenkins-plugin.hpi": { + "get": { + "description": { + "$ref": "desc/util/twistlock_jenkins_plugin_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-prisma-cloud-jenkins-plugin.hpi", + "summary": "Download Jenkins Plugin for Prisma Cloud Compute" + } + }, + "/api/v1/util/tas-tile": { + "get": { + "description": { + "$ref": "desc/util/twistlock_tas_tile_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-util-tas-tile", + "summary": "Download VMware TAS Tile for Prisma Cloud Compute" + } + }, + "/api/v32.06/_ping": { + "get": { + "description": { + "$ref": "desc/_ping/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "_Ping" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "get-_ping", + "summary": "Ping" + } + }, + "/api/v32.06/agentless/progress": { + "get": { + "description": { + "$ref": "desc/agentless/get_agentless_progress.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-agentless-progress", + "summary": "View the Agentless Scan Progress" + } + }, + "/api/v32.06/agentless/scan": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_scan.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-scan", + "summary": "Start Agentless Scan" + } + }, + "/api/v32.06/agentless/stop": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_stop.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-stop", + "summary": "Stop an Ongoing Scan" + } + }, + "/api/v32.06/agentless/templates": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_templates.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.AgentlessResourceTemplatesRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-agentless-templates", + "summary": "Download Agentless Permission Templates" + } + }, + "/api/v32.06/application-control/host": { + "get": { + "description": { + "$ref": "desc/application-control/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_applicationcontrol.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-application-control-host", + "summary": "Host Application Control Rule" + }, + "put": { + "description": { + "$ref": "desc/application-control/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + }, + "description": "Rule represents an application control policy rule" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-application-control-host", + "summary": "Update Host Application Control Rules" + } + }, + "/api/v32.06/application-control/host/{id}": { + "delete": { + "description": { + "$ref": "desc/application-control/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "delete-application-control-host-id", + "summary": "Delete a Host Application Control Rule" + } + }, + "/api/v32.06/audits/access": { + "get": { + "description": { + "$ref": "desc/audits/access_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access", + "summary": "Get Docker Access Audit Events" + } + }, + "/api/v32.06/audits/access/download": { + "get": { + "description": { + "$ref": "desc/audits/access_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access-download", + "summary": "Download Docker Access Audit Events" + } + }, + "/api/v32.06/audits/admission": { + "get": { + "description": { + "$ref": "desc/audits/admission_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_admission.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission", + "summary": "Get Admission Audit Events" + } + }, + "/api/v32.06/audits/admission/download": { + "get": { + "description": { + "$ref": "desc/audits/admission_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission-download", + "summary": "Download Admission Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless", + "summary": "Get WAAS Agentless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/agentless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-download", + "summary": "Download WAAS Agentless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/agentless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-timeslice", + "summary": "Get WAAS Agentless Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-download", + "summary": "Download WAAS App-embedded Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/app-embedded/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-timeslice", + "summary": "Get WAAS App-embedded Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container", + "summary": "Get WAAS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/container/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-download", + "summary": "Download WAAS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-timeslice", + "summary": "Get WAAS Container Audit Timeslice" + } + }, + "/api/v32.06/audits/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host", + "summary": "Get WAAS Host Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/host/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-download", + "summary": "Download WAAS Host Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-timeslice", + "summary": "Get WAAS Host Audit Timeslice" + } + }, + "/api/v32.06/audits/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless", + "summary": "Get WAAS Serverless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-download", + "summary": "Download WAAS Serverless Audit Events" + } + }, + "/api/v32.06/audits/firewall/app/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-timeslice", + "summary": "Get WAAS Serverless Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/firewall/network/container": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container", + "summary": "Get CNNS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/network/container/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container-download", + "summary": "Download CNNS Container Audit Events" + } + }, + "/api/v32.06/audits/firewall/network/host": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host", + "summary": "Get CNNS Host Audit Events" + } + }, + "/api/v32.06/audits/firewall/network/host/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host-download", + "summary": "Download CNNS Host Audit Events" + } + }, + "/api/v32.06/audits/incidents": { + "get": { + "description": { + "$ref": "desc/audits/incidents_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Incident" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents", + "summary": "Get Incident Audit Events" + } + }, + "/api/v32.06/audits/incidents/acknowledge/{id}": { + "patch": { + "description": { + "$ref": "desc/audits/incidents_archive_patch.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Incident" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "patch-audits-incidents-acknowledge-id", + "summary": "Archive an Incident Audit Event" + } + }, + "/api/v32.06/audits/incidents/download": { + "get": { + "description": { + "$ref": "desc/audits/incidents_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents-download", + "summary": "Download Incident Audit Events" + } + }, + "/api/v32.06/audits/kubernetes": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_kubeaudit.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes", + "summary": "Get Kubernetes Audit Events" + } + }, + "/api/v32.06/audits/kubernetes/download": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes-download", + "summary": "Download Kubernetes Audit Events" + } + }, + "/api/v32.06/audits/mgmt": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.MgmtAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt", + "summary": "Get Management Audit Events" + } + }, + "/api/v32.06/audits/mgmt/download": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-download", + "summary": "Download Management Audit Events" + } + }, + "/api/v32.06/audits/mgmt/filters": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_filters_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.MgmtAuditFilters" + } + } + }, + "description": "MgmtAuditFilters are filters for management audit queries" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-filters", + "summary": "Get Management Audit Event Filters" + } + }, + "/api/v32.06/audits/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded", + "summary": "Get Runtime App-embedded Audit Events" + } + }, + "/api/v32.06/audits/runtime/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded-download", + "summary": "Download Runtime App-embedded Audit Events" + } + }, + "/api/v32.06/audits/runtime/container": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container", + "summary": "Get Runtime Container Audit Events" + } + }, + "/api/v32.06/audits/runtime/container/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-download", + "summary": "Download Runtime Container Audit Events" + } + }, + "/api/v32.06/audits/runtime/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-timeslice", + "summary": "Get Runtime Container Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/runtime/file-integrity": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.FileIntegrityEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity", + "summary": "Get Runtime File Integrity Audit Events" + } + }, + "/api/v32.06/audits/runtime/file-integrity/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity-download", + "summary": "Download Runtime File Integrity Audit Events" + } + }, + "/api/v32.06/audits/runtime/host": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host", + "summary": "Get Runtime Host Audit Events" + } + }, + "/api/v32.06/audits/runtime/host/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-download", + "summary": "Download Runtime Host Audit Events" + } + }, + "/api/v32.06/audits/runtime/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-timeslice", + "summary": "Get Runtime Host Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/runtime/log-inspection": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.LogInspectionEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection", + "summary": "Get Runtime Log Inspection Audit Events" + } + }, + "/api/v32.06/audits/runtime/log-inspection/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection-download", + "summary": "Download Runtime Log Inspection Audit Events" + } + }, + "/api/v32.06/audits/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ProfileIDs are the profile ids to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile ids to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is an optional exact time constraint for the audit.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is a filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is a filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request id.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request id.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless", + "summary": "Get Runtime Serverless Audit Events" + } + }, + "/api/v32.06/audits/runtime/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-download", + "summary": "Download Serverless Audit Events" + } + }, + "/api/v32.06/audits/runtime/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-timeslice", + "summary": "Get Runtime Serverless Audit Events for a Timeframe" + } + }, + "/api/v32.06/audits/trust": { + "get": { + "description": { + "$ref": "desc/audits/trust_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TrustAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust", + "summary": "Get Trust Audit Events" + } + }, + "/api/v32.06/audits/trust/download": { + "get": { + "description": { + "$ref": "desc/audits/trust_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust-download", + "summary": "Download Trust Audit Events" + } + }, + "/api/v32.06/authenticate": { + "post": { + "description": { + "$ref": "desc/authenticate/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationResponse" + } + } + }, + "description": "AuthenticationResponse returns the result of calling the authentication endpoint" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-authenticate", + "summary": "Get User Authentication Access Token" + } + }, + "/api/v32.06/cloud/discovery": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery", + "summary": "Get Cloud Discovery Scan Results" + } + }, + "/api/v32.06/cloud/discovery/download": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-download", + "summary": "Download Cloud Discovery Scan Results" + } + }, + "/api/v32.06/cloud/discovery/entities": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_entities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Defended is the defended filter.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-entities", + "summary": "Get Discovered Cloud Entities" + } + }, + "/api/v32.06/cloud/discovery/scan": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-scan", + "summary": "Start a Cloud Discovery Scan" + } + }, + "/api/v32.06/cloud/discovery/stop": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-stop", + "summary": "Stop a Cloud Discovery Scan" + } + }, + "/api/v32.06/cloud/discovery/vms": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Region is the region filter.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Region is the region filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "HasDefender indicates only VMs with or without a defender should return.\n", + "in": "query", + "name": "hasDefender", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DiscoveredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-vms", + "summary": "Get Discovered VMs" + } + }, + "/api/v32.06/coderepos-ci/evaluate": { + "post": { + "description": { + "$ref": "desc/coderepos-ci/post_resolve.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + }, + "description": "ScanResult holds a specific repository data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-coderepos-ci-evaluate", + "summary": "Resolve Code Repos" + } + }, + "/api/v32.06/collections": { + "get": { + "description": { + "$ref": "desc/collections/get.md" + }, + "parameters": [ + { + "description": "ExcludePrisma indicates to exclude Prisma collections.\n", + "in": "query", + "name": "excludePrisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "Prisma filters the collections originates from Prisma Cloud.\n", + "in": "query", + "name": "prisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "System.\n", + "in": "query", + "name": "system", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Collection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections", + "summary": "Get Collections" + }, + "post": { + "description": { + "$ref": "desc/collections/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-collections", + "summary": "Add a New Collection" + } + }, + "/api/v32.06/collections/{id}": { + "delete": { + "description": { + "$ref": "desc/collections/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-collections-id", + "summary": "Delete an Existing Collection" + }, + "put": { + "description": { + "$ref": "desc/collections/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-collections-id", + "summary": "Update an Existing Collection" + } + }, + "/api/v32.06/collections/{id}/usages": { + "get": { + "description": { + "$ref": "desc/collections/name_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Usage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections-id-usages", + "summary": "Get Policies for a Collection" + } + }, + "/api/v32.06/containers": { + "get": { + "description": { + "$ref": "desc/containers/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers", + "summary": "Get Container Scan Results" + } + }, + "/api/v32.06/containers/count": { + "get": { + "description": { + "$ref": "desc/containers/count_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-count", + "summary": "Get Containers Count" + } + }, + "/api/v32.06/containers/download": { + "get": { + "description": { + "$ref": "desc/containers/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-download", + "summary": "Download Container Scan Results" + } + }, + "/api/v32.06/containers/names": { + "get": { + "description": { + "$ref": "desc/containers/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-names", + "summary": "Get Container Names" + } + }, + "/api/v32.06/containers/scan": { + "post": { + "description": { + "$ref": "desc/containers/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-containers-scan", + "summary": "Start a Container Scan" + } + }, + "/api/v32.06/credentials": { + "get": { + "description": { + "$ref": "desc/credentials/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the credential IDs to filter.\n", + "in": "query", + "name": "ids", + "schema": { + "description": "IDs are the credential IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.\n", + "in": "query", + "name": "cloud", + "schema": { + "type": "boolean" + } + }, + { + "description": "External indicates whether to fetch credentials imported from Prisma.\n", + "in": "query", + "name": "external", + "schema": { + "type": "boolean" + } + }, + { + "description": "AutoImported indicates whether to fetch credentials imported from Prisma automatically.\n", + "in": "query", + "name": "autoImported", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_cred.Credential" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials", + "summary": "Get All Credentials" + }, + "post": { + "description": { + "$ref": "desc/credentials/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cred.Credential" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-credentials", + "summary": "Add Credentials" + } + }, + "/api/v32.06/credentials/{id}": { + "delete": { + "description": { + "$ref": "desc/credentials/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "delete-credentials-id", + "summary": "Delete a Credential" + } + }, + "/api/v32.06/credentials/{id}/usages": { + "get": { + "description": { + "$ref": "desc/credentials/id_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.CredentialUsage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials-id-usages", + "summary": "Get Credential Usages" + } + }, + "/api/v32.06/current/collections": { + "get": { + "description": { + "$ref": "desc/current/collections_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserCollection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-current-collections", + "summary": "User Collections" + } + }, + "/api/v32.06/custom-compliance": { + "get": { + "description": { + "$ref": "desc/custom-compliance/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CustomComplianceCheck" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "get-custom-compliance", + "summary": "Get Custom Compliance Checks" + }, + "put": { + "description": { + "$ref": "desc/custom-compliance/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + }, + "description": "CustomComplianceCheck represents a custom compliance check entry" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "put-custom-compliance", + "summary": "Update Custom Compliance Checks" + } + }, + "/api/v32.06/custom-compliance/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-compliance/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "delete-custom-compliance-id", + "summary": "Delete a Custom Compliance Check" + } + }, + "/api/v32.06/custom-rules": { + "get": { + "description": { + "$ref": "desc/custom-rules/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_customrules.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "get-custom-rules", + "summary": "Get Custom Rules" + } + }, + "/api/v32.06/custom-rules/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-rules/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "delete-custom-rules-id", + "summary": "Delete a Custom Rule" + }, + "put": { + "description": { + "$ref": "desc/custom-rules/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/customrules.Rule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "put-custom-rules-id", + "summary": "Update a Custom Rule" + } + }, + "/api/v32.06/defenders": { + "get": { + "description": { + "$ref": "desc/defenders/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_defender.Defender" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders", + "summary": "Get Deployed Defenders" + } + }, + "/api/v32.06/defenders/app-embedded": { + "post": { + "description": { + "$ref": "desc/defenders/app_embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.AppEmbeddedEmbedRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-app-embedded", + "summary": "Generate a Docker File for App-embedded Defender" + } + }, + "/api/v32.06/defenders/daemonset.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/daemonset_yaml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-daemonset.yaml", + "summary": "Generate Daemonset Deployment YAML File" + } + }, + "/api/v32.06/defenders/download": { + "get": { + "description": { + "$ref": "desc/defenders/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-download", + "summary": "Download Deployed Defenders" + } + }, + "/api/v32.06/defenders/fargate.json": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_json_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + }, + "description": "FargateTask represents the generic fargate task AWS template" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.json", + "summary": "Generate a Protected JSON Fargate Task Definition" + } + }, + "/api/v32.06/defenders/fargate.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_yaml_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.yaml", + "summary": "Generate a Protected YAML Fargate Task Definition" + } + }, + "/api/v32.06/defenders/helm/twistlock-defender-helm.tar.gz": { + "post": { + "description": { + "$ref": "desc/defenders/helm_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-helm-twistlock-defender-helm.tar.gz", + "summary": "Generate a Helm Deployment Chart for Defender" + } + }, + "/api/v32.06/defenders/image-name": { + "get": { + "description": { + "$ref": "desc/defenders/image-name_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-image-name", + "summary": "Get Docker Image Name for Defender" + } + }, + "/api/v32.06/defenders/install-bundle": { + "get": { + "description": { + "$ref": "desc/defenders/install-bundle_get.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.DefenderInstallBundle" + } + } + }, + "description": "DefenderInstallBundle represents the install bundle for the defender" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-install-bundle", + "summary": "Get Certificate Bundle for Defender" + } + }, + "/api/v32.06/defenders/names": { + "get": { + "description": { + "$ref": "desc/defenders/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-names", + "summary": "Get Defender Names" + } + }, + "/api/v32.06/defenders/serverless/bundle": { + "post": { + "description": { + "$ref": "desc/defenders/serverless-bundle_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-serverless-bundle", + "summary": "Generate Serverless Bundle for Defender" + } + }, + "/api/v32.06/defenders/summary": { + "get": { + "description": { + "$ref": "desc/defenders/summary_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DefenderSummary" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-summary", + "summary": "Get Defenders Summary" + } + }, + "/api/v32.06/defenders/tas-cloud-controller-address": { + "get": { + "description": { + "$ref": "desc/defenders/tas-cloud-controller-address_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-tas-cloud-controller-address", + "summary": "Defenders Tas Cloud Controller Address" + } + }, + "/api/v32.06/defenders/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/upgrade_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-upgrade", + "summary": "Upgrade Connected Single Linux Defenders" + } + }, + "/api/v32.06/defenders/{id}": { + "delete": { + "description": { + "$ref": "desc/defenders/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "delete-defenders-id", + "summary": "Delete a Defender" + } + }, + "/api/v32.06/defenders/{id}/features": { + "post": { + "description": { + "$ref": "desc/defenders/id_features_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Features" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Defender" + } + } + }, + "description": "Defender is an update about an agent starting" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-features", + "summary": "Update Defender Configuration" + } + }, + "/api/v32.06/defenders/{id}/restart": { + "post": { + "description": { + "$ref": "desc/defenders/id_restart_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-restart", + "summary": "Restart a Defender" + } + }, + "/api/v32.06/defenders/{id}/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/id_upgrade_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-upgrade", + "summary": "Upgrade a Defender" + } + }, + "/api/v32.06/feeds/custom/custom-vulnerabilities": { + "get": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + }, + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-feeds-custom-custom-vulnerabilities", + "summary": "Get Custom Vulnerability Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-custom-vulnerabilities", + "summary": "Update Custom Vulnerability Feed" + } + }, + "/api/v32.06/feeds/custom/malware": { + "get": { + "description": { + "$ref": "desc/feeds/malware_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + }, + "description": "CustomMalwareFeed represent the custom malware" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-feeds-custom-malware", + "summary": "Get Custom Malware Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/malware_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-malware", + "summary": "Update Custom Malware Feed" + } + }, + "/api/v32.06/groups": { + "get": { + "description": { + "$ref": "desc/groups/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Groups" + } + } + }, + "description": "Groups represents a list of groups" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups", + "summary": "Get Groups" + } + }, + "/api/v32.06/groups/names": { + "get": { + "description": { + "$ref": "desc/groups/names.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups-names", + "summary": "Get Group Names" + } + }, + "/api/v32.06/hosts": { + "get": { + "description": { + "$ref": "desc/hosts/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts", + "summary": "Get Host Scan Results" + } + }, + "/api/v32.06/hosts/download": { + "get": { + "description": { + "$ref": "desc/hosts/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts-download", + "summary": "Download Host Scan Results" + } + }, + "/api/v32.06/hosts/evaluate": { + "post": { + "description": { + "$ref": "desc/hosts/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-hosts-evaluate", + "summary": "Resolve Hosts" + } + }, + "/api/v32.06/hosts/info": { + "get": { + "description": { + "$ref": "desc/hosts/info_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-hosts-info", + "summary": "Get Host Information" + } + }, + "/api/v32.06/hosts/scan": { + "post": { + "description": { + "$ref": "desc/hosts/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-hosts-scan", + "summary": "Start a Host Scan" + } + }, + "/api/v32.06/images": { + "get": { + "description": { + "$ref": "desc/images/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images", + "summary": "Get Image Scan Results" + } + }, + "/api/v32.06/images/download": { + "get": { + "description": { + "$ref": "desc/images/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-download", + "summary": "Download Image Scan Results" + } + }, + "/api/v32.06/images/evaluate": { + "post": { + "description": { + "$ref": "desc/images/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-images-evaluate", + "summary": "Resolve Images" + } + }, + "/api/v32.06/images/names": { + "get": { + "description": { + "$ref": "desc/images/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-names", + "summary": "Get Image Names" + } + }, + "/api/v32.06/images/scan": { + "post": { + "description": { + "$ref": "desc/images/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ImageScanOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-images-scan", + "summary": "Start Image Scan" + } + }, + "/api/v32.06/images/twistlock_defender_app_embedded.tar.gz": { + "get": { + "description": { + "$ref": "desc/images/twistlock_defender_app_embedded_tar_gz_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-images-twistlock_defender_app_embedded.tar.gz", + "summary": "Download App Embedded Defender" + } + }, + "/api/v32.06/images/twistlock_defender_layer.zip": { + "post": { + "description": { + "$ref": "desc/images/twistlock_defender_layer_zip_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessLayerBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-images-twistlock_defender_layer.zip", + "summary": "Download Serverless Layer Bundle" + } + }, + "/api/v32.06/policies/compliance/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-ci-images", + "summary": "Get Continuous Integration (CI) Image Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-ci-images", + "summary": "Update Continuous Integration (CI) Image Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-ci-serverless", + "summary": "Get Continuous Integration (CI) Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-ci-serverless", + "summary": "Update Continuous Integration (CI) Serverless Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/container": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container", + "summary": "Get Container Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-container", + "summary": "Update Container Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container-impacted", + "summary": "Get Impacted Container Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/host": { + "get": { + "description": { + "$ref": "desc/policies/compliance_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-host", + "summary": "Get Host Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-compliance-host", + "summary": "Update Host Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-serverless", + "summary": "Get Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-serverless", + "summary": "Update Serverless Compliance Policy" + } + }, + "/api/v32.06/policies/compliance/vms/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_vms_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-vms-impacted", + "summary": "Get Impacted VMs Compliance Policy" + } + }, + "/api/v32.06/policies/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless", + "summary": "Get Agentless App Firewall Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-agentless", + "summary": "Set Agentless App Firewall Policy" + } + }, + "/api/v32.06/policies/firewall/app/agentless/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigMirroredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-impacted", + "summary": "Get Agentless App Firewall Policy Impacted" + } + }, + "/api/v32.06/policies/firewall/app/agentless/resources": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ConfigID is the ID of the VPC configuration.\n", + "in": "query", + "name": "configID", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-resources", + "summary": "Get Agentless App Firewall Policy Resources" + } + }, + "/api/v32.06/policies/firewall/app/agentless/state": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_state_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.AgentlessPolicyState" + } + } + }, + "description": "AgentlessPolicyState is the state of the agentless policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-state", + "summary": "Get Agentless App Firewall Policy State" + } + }, + "/api/v32.06/policies/firewall/app/apispec": { + "post": { + "description": { + "$ref": "desc/policies/firewall_app_apispec_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.APISpec" + } + } + }, + "description": "APISpec is an API specification" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-apispec", + "summary": "Generate a WAAS API Specification Object" + } + }, + "/api/v32.06/policies/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-app-embedded", + "summary": "Update WAAS App-embedded Policy" + } + }, + "/api/v32.06/policies/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container", + "summary": "Get WAAS Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-container", + "summary": "Update WAAS Container Policy" + } + }, + "/api/v32.06/policies/firewall/app/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container-impacted", + "summary": "Container App Firewall Policy Impacted" + } + }, + "/api/v32.06/policies/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host", + "summary": "Get WAAS Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-host", + "summary": "Update WAAS Host Policy" + } + }, + "/api/v32.06/policies/firewall/app/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host-impacted", + "summary": "Host App Firewall Policy Impacted" + } + }, + "/api/v32.06/policies/firewall/app/network-list": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.NetworkList" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-network-list", + "summary": "Get WAAS Network List" + }, + "post": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-network-list", + "summary": "Add WAAS Network List" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-network-list", + "summary": "Update WAAS Network List" + } + }, + "/api/v32.06/policies/firewall/app/network-list/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "delete-policies-firewall-app-network-list-id", + "summary": "Delete WAAS Network List" + } + }, + "/api/v32.06/policies/firewall/app/out-of-band": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band", + "summary": "Get Out-of-Band WAAS Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-out-of-band", + "summary": "Update Out-of-Band WAAS Policy" + } + }, + "/api/v32.06/policies/firewall/app/out-of-band/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.ImpactedOutOfBandEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band-impacted", + "summary": "Get Impacted Resources for Out-of-Band WAAS Policy" + } + }, + "/api/v32.06/policies/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-serverless", + "summary": "Get WAAS Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-serverless", + "summary": "Update WAAS Serverless Policy" + } + }, + "/api/v32.06/policies/firewall/network": { + "get": { + "description": { + "$ref": "desc/policies/firewall_network_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + }, + "description": "Policy holds the data for firewall policies (host and container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "get-policies-firewall-network", + "summary": "Get CNNS Container and Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_network_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "put-policies-firewall-network", + "summary": "Update CNNS Container and Host Policy" + } + }, + "/api/v32.06/policies/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + }, + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-app-embedded", + "summary": "Get Runtime App-embedded Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-app-embedded", + "summary": "Add Runtime App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-app-embedded", + "summary": "Update Runtime App-embedded Policy" + } + }, + "/api/v32.06/policies/runtime/container": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + }, + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container", + "summary": "Get Runtime Container Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_container_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "post-policies-runtime-container", + "summary": "Update Runtime Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "put-policies-runtime-container", + "summary": "Set Container Runtime Policy" + } + }, + "/api/v32.06/policies/runtime/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container-impacted", + "summary": "Update Runtime Impacted Container Policy" + } + }, + "/api/v32.06/policies/runtime/host": { + "get": { + "description": { + "$ref": "desc/policies/runtime_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + }, + "description": "HostPolicy represents a host runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "get-policies-runtime-host", + "summary": "Get Runtime Host Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_host_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "post-policies-runtime-host", + "summary": "Update Runtime Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "put-policies-runtime-host", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v32.06/policies/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/policies/runtime_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + }, + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-serverless", + "summary": "Get Runtime Serverless Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_serverless_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-serverless", + "summary": "Update Runtime Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-serverless", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v32.06/policies/vulnerability/base-images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.BaseImagesRule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images", + "summary": "Get Base Images Rules" + }, + "post": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.BaseImagesRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-policies-vulnerability-base-images", + "summary": "Add Base Images Rule" + } + }, + "/api/v32.06/policies/vulnerability/base-images/download": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_download.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images-download", + "summary": "Download Base Images Rules" + } + }, + "/api/v32.06/policies/vulnerability/base-images/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "delete-policies-vulnerability-base-images-id", + "summary": "Delete Base Images Rule" + } + }, + "/api/v32.06/policies/vulnerability/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-ci-images", + "summary": "Get CI Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-ci-images", + "summary": "Update CI Image Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-ci-serverless", + "summary": "Get CI Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-ci-serverless", + "summary": "Update CI Serverless Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/host": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host", + "summary": "Get Host Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-vulnerability-host", + "summary": "Update Host Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host-impacted", + "summary": "Get Impacted Host Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images", + "summary": "Get Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-images", + "summary": "Update Image Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/images/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images-impacted", + "summary": "Get Impacted Image Vulnerability Policy" + } + }, + "/api/v32.06/policies/vulnerability/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-serverless", + "summary": "Get Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-serverless", + "summary": "Update Serverless Vulnerability Policy" + } + }, + "/api/v32.06/profiles/app-embedded": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppEmbeddedRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded", + "summary": "Get App-embedded Profiles" + } + }, + "/api/v32.06/profiles/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded-download", + "summary": "Download App-embedded Profiles" + } + }, + "/api/v32.06/profiles/container": { + "get": { + "description": { + "$ref": "desc/profiles/container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container", + "summary": "Get Runtime Container Profiles" + } + }, + "/api/v32.06/profiles/container/download": { + "get": { + "description": { + "$ref": "desc/profiles/container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container-download", + "summary": "Download Runtime Container Profiles" + } + }, + "/api/v32.06/profiles/container/learn": { + "post": { + "description": { + "$ref": "desc/profiles/container_learn_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "post-profiles-container-learn", + "summary": "Learn Runtime Container Profiles" + } + }, + "/api/v32.06/profiles/host": { + "get": { + "description": { + "$ref": "desc/profiles/host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_runtime.HostProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host", + "summary": "Get Runtime Host Profiles" + } + }, + "/api/v32.06/profiles/host/download": { + "get": { + "description": { + "$ref": "desc/profiles/host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host-download", + "summary": "Download Runtime Host Profiles" + } + }, + "/api/v32.06/registry": { + "get": { + "description": { + "$ref": "desc/registry/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry", + "summary": "Get Registry Scan Results" + } + }, + "/api/v32.06/registry/download": { + "get": { + "description": { + "$ref": "desc/registry/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-download", + "summary": "Download Registry Scan Results" + } + }, + "/api/v32.06/registry/names": { + "get": { + "description": { + "$ref": "desc/registry/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-names", + "summary": "Get Registry Image Names" + } + }, + "/api/v32.06/registry/progress": { + "get": { + "description": { + "$ref": "desc/registry/get_registry_progress.md" + }, + "parameters": [ + { + "description": "OnDemand indicates the requested progress is for an on-demand scan.\n", + "in": "query", + "name": "onDemand", + "schema": { + "type": "boolean" + } + }, + { + "description": "Registry is the image's registry.\n", + "in": "query", + "name": "registry", + "schema": { + "type": "string" + } + }, + { + "description": "Repository is the image's repository.\n", + "in": "query", + "name": "repo", + "schema": { + "type": "string" + } + }, + { + "description": "Tag is the image's tag.\n", + "in": "query", + "name": "tag", + "schema": { + "type": "string" + } + }, + { + "description": "Digest is the image's digest.\n", + "in": "query", + "name": "digest", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanProgress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-progress", + "summary": "View Registry Scan Progress" + } + }, + "/api/v32.06/registry/scan": { + "post": { + "description": { + "$ref": "desc/registry/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan", + "summary": "Start a Registry Scan" + } + }, + "/api/v32.06/registry/scan/select": { + "post": { + "description": { + "$ref": "desc/registry/scan_select_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan-select", + "summary": "Scan Registries" + } + }, + "/api/v32.06/registry/stop": { + "post": { + "description": { + "$ref": "desc/registry/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop", + "summary": "Stop a Registry Scan" + } + }, + "/api/v32.06/registry/stop/{id}": { + "post": { + "description": { + "$ref": "desc/registry/stop_id_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop-id", + "summary": "Stop a Registry spec Scan" + } + }, + "/api/v32.06/sandbox": { + "post": { + "description": { + "$ref": "desc/sandbox/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + }, + "description": "ScanResult represents sandbox scan results" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sandbox" + ], + "x-prisma-cloud-target-env": { + "permission": "sandbox" + }, + "operationId": "post-sandbox", + "summary": "AddSandboxScanResult" + } + }, + "/api/v32.06/sbom/download/cli-images": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-images", + "summary": "Download SBOM CI Images" + } + }, + "/api/v32.06/sbom/download/cli-serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-serverless", + "summary": "Download SBOM CLI Serverless" + } + }, + "/api/v32.06/sbom/download/hosts": { + "get": { + "description": { + "$ref": "desc/sbom/download_hosts_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-hosts", + "summary": "Download SBOM Hosts" + } + }, + "/api/v32.06/sbom/download/images": { + "get": { + "description": { + "$ref": "desc/sbom/download_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-images", + "summary": "Download SBOM Images" + } + }, + "/api/v32.06/sbom/download/registry": { + "get": { + "description": { + "$ref": "desc/sbom/download_registry_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-registry", + "summary": "Download SBOM Registry" + } + }, + "/api/v32.06/sbom/download/serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-serverless", + "summary": "Download SBOM Serverless" + } + }, + "/api/v32.06/sbom/download/vms": { + "get": { + "description": { + "$ref": "desc/sbom/download_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": ".\n", + "in": "query", + "name": "id", + "schema": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": ".\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-vms", + "summary": "Download SBOM VMs" + } + }, + "/api/v32.06/scans": { + "get": { + "description": { + "$ref": "desc/scans/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CLIScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans", + "summary": "Get All CI Image Scan Results" + }, + "post": { + "description": { + "$ref": "desc/scans/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CLIScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-scans", + "summary": "Add CLI Scan Result" + } + }, + "/api/v32.06/scans/download": { + "get": { + "description": { + "$ref": "desc/scans/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-download", + "summary": "Download CI Image Scan Results" + } + }, + "/api/v32.06/scans/{id}": { + "get": { + "description": { + "$ref": "desc/scans/id_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-id", + "summary": "Get CI Image Scan Results" + } + }, + "/api/v32.06/serverless": { + "get": { + "description": { + "$ref": "desc/serverless/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless", + "summary": "Get Serverless Function Scan Results" + } + }, + "/api/v32.06/serverless/download": { + "get": { + "description": { + "$ref": "desc/serverless/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-download", + "summary": "Download Serverless Function Scan Results" + } + }, + "/api/v32.06/serverless/evaluate": { + "post": { + "description": { + "$ref": "desc/serverless/evaluate_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsResp" + } + } + }, + "description": "ResolveFunctionsResp represents the functions resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-serverless-evaluate", + "summary": "Resolve Functions" + } + }, + "/api/v32.06/serverless/names": { + "get": { + "description": { + "$ref": "desc/serverless/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-names", + "summary": "Get Serverless Function Names" + } + }, + "/api/v32.06/serverless/scan": { + "post": { + "description": { + "$ref": "desc/serverless/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-scan", + "summary": "Start Serverless Function Scan" + } + }, + "/api/v32.06/serverless/stop": { + "post": { + "description": { + "$ref": "desc/serverless/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-stop", + "summary": "Stop Serverless Function Scan" + } + }, + "/api/v32.06/settings/certs": { + "get": { + "description": { + "$ref": "desc/settings/certs_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + }, + "description": "CertSettings are the certificates settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-certs", + "summary": "Get Certificate Settings for Prisma Cloud Compute" + } + }, + "/api/v32.06/settings/custom-labels": { + "get": { + "description": { + "$ref": "desc/settings/custom-labels_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + }, + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-settings-custom-labels", + "summary": "Get Alert Labels" + }, + "post": { + "description": { + "$ref": "desc/settings/custom-labels_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-custom-labels", + "summary": "Add Alert Labels" + } + }, + "/api/v32.06/settings/defender": { + "get": { + "description": { + "$ref": "desc/settings/defender_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Settings" + } + } + }, + "description": "Settings is the Defender settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-defender", + "summary": "Get Advanced Defender Settings" + } + }, + "/api/v32.06/settings/intelligence": { + "get": { + "description": { + "$ref": "desc/settings/intelligence_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + }, + "description": "IntelligenceSettings are the intelligence service settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-intelligence", + "summary": "Get Intelligence Stream Settings" + } + }, + "/api/v32.06/settings/license": { + "get": { + "description": { + "$ref": "desc/settings/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.License" + } + } + }, + "description": "License represent the customer license" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-settings-license", + "summary": "Get Prisma Cloud Compute License" + } + }, + "/api/v32.06/settings/logging": { + "get": { + "description": { + "$ref": "desc/settings/logging_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + }, + "description": "LoggingSettings are the logging settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "get-settings-logging", + "summary": "Get Logging Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logging_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-logging", + "summary": "Add Logging Settings" + } + }, + "/api/v32.06/settings/logon": { + "get": { + "description": { + "$ref": "desc/settings/logon_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + }, + "description": "LogonSettings are settings associated with the login properties" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-logon", + "summary": "Get Logon Settings" + } + }, + "/api/v32.06/settings/proxy": { + "get": { + "description": { + "$ref": "desc/settings/proxy_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + }, + "description": "ProxySettings are the http proxy settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-proxy", + "summary": "Get Proxy Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/proxy_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-proxy", + "summary": "Add Proxy Settings for Prisma Cloud Compute" + } + }, + "/api/v32.06/settings/registry": { + "get": { + "description": { + "$ref": "desc/settings/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + }, + "description": "RegistrySettings contains each registry's unique settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-registry", + "summary": "Get Registry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/registry_post.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-registry", + "summary": "Add Registry Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/registry_put.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-settings-registry", + "summary": "Update Registry Settings" + } + }, + "/api/v32.06/settings/saml": { + "get": { + "description": { + "$ref": "desc/settings/saml_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + }, + "description": "SamlSettings are the saml connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-saml", + "summary": "Get SAML Settings of Prisma Cloud Compute" + } + }, + "/api/v32.06/settings/scan": { + "get": { + "description": { + "$ref": "desc/settings/scan_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + }, + "description": "ScanSettings are global settings for image/host/container and registry scanning" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-scan", + "summary": "Get Global Scan Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-scan", + "summary": "Add Global Scan Settings" + } + }, + "/api/v32.06/settings/tas": { + "get": { + "description": { + "$ref": "desc/settings/tas_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-tas", + "summary": "Get TAS Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/tas_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-tas", + "summary": "Add TAS Settings" + } + }, + "/api/v32.06/settings/vm": { + "get": { + "description": { + "$ref": "desc/settings/vm_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-settings-vm", + "summary": "Get VM Image Scan Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/vm_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-settings-vm", + "summary": "Update VM Image Scan Settings" + } + }, + "/api/v32.06/settings/wildfire": { + "get": { + "description": { + "$ref": "desc/settings/wildfire_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.WildFireSettings" + } + } + }, + "description": "WildFireSettings are the settings for WildFire API requests" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-settings-wildfire", + "summary": "Wild Fire Settings" + } + }, + "/api/v32.06/stats/app-firewall/count": { + "get": { + "description": { + "$ref": "desc/stats/app_firewall_count_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-app-firewall-count", + "summary": "Application Firewall Count" + } + }, + "/api/v32.06/stats/compliance": { + "get": { + "description": { + "$ref": "desc/stats/compliance_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance", + "summary": "Get Compliance Stats" + } + }, + "/api/v32.06/stats/compliance/download": { + "get": { + "description": { + "$ref": "desc/stats/compliance_download_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance-download", + "summary": "Download Compliance Stats" + } + }, + "/api/v32.06/stats/compliance/refresh": { + "post": { + "description": { + "$ref": "desc/stats/compliance_refresh.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "post-stats-compliance-refresh", + "summary": "Refresh Compliance Stats" + } + }, + "/api/v32.06/stats/daily": { + "get": { + "description": { + "$ref": "desc/stats/daily_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.Stats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-stats-daily", + "summary": "Get Daily Compliance Stats" + } + }, + "/api/v32.06/stats/dashboard": { + "get": { + "description": { + "$ref": "desc/stats/dashboard_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Trends" + } + } + }, + "description": "Trends contains data on global trends in the system" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-dashboard", + "summary": "Get Dashboard Stats" + } + }, + "/api/v32.06/stats/events": { + "get": { + "description": { + "$ref": "desc/stats/events_get.md" + }, + "parameters": [ + { + "description": "Collections are collections scoping the query.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Collections are collections scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountIDs are the account IDs scoping the query.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "AccountIDs are the account IDs scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.EventStats" + } + } + }, + "description": "EventStats holds counters for all event types" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-stats-events", + "summary": "Get Event Stats" + } + }, + "/api/v32.06/stats/license": { + "get": { + "description": { + "$ref": "desc/stats/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LicenseStats" + } + } + }, + "description": "LicenseStats holds the console license stats" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-license", + "summary": "Get Event Stats" + } + }, + "/api/v32.06/stats/vulnerabilities": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities", + "summary": "Get Vulnerability (CVEs) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-download", + "summary": "Download Vulnerability (CVEs) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/impacted-resources": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.VulnImpactedResources" + } + } + }, + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources", + "summary": "Get Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/impacted-resources/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources-download", + "summary": "Download Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v32.06/stats/vulnerabilities/refresh": { + "post": { + "description": { + "$ref": "desc/stats/vulnerabilities_refresh_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "post-stats-vulnerabilities-refresh", + "summary": "Refresh Vulnerability Stats" + } + }, + "/api/v32.06/statuses/buildah": { + "get": { + "description": { + "$ref": "desc/statuses/buildah_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.BuildahFeatureStatus" + } + } + }, + "description": "BuildahFeatureStatus holds the response for the buildah feature status" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-statuses-buildah", + "summary": "Buildah Feature Status returns the buildah feature status" + } + }, + "/api/v32.06/statuses/registry": { + "get": { + "description": { + "$ref": "desc/statuses/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.ScanStatus" + } + } + }, + "description": "ScanStatus represents the status of current scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-statuses-registry", + "summary": "Get Registry Scan Status" + } + }, + "/api/v32.06/tags": { + "get": { + "description": { + "$ref": "desc/tags/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Tag" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-tags", + "summary": "Get Tags" + }, + "post": { + "description": { + "$ref": "desc/tags/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags", + "summary": "Add Tags" + } + }, + "/api/v32.06/tags/{id}": { + "delete": { + "description": { + "$ref": "desc/tags/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id", + "summary": "Delete a Tag" + }, + "put": { + "description": { + "$ref": "desc/tags/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-tags-id", + "summary": "Update a Tag" + } + }, + "/api/v32.06/tags/{id}/vuln": { + "delete": { + "description": { + "$ref": "desc/tags/tag_cve_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id-vuln", + "summary": "Delete Tag Vulnerability Metadata" + }, + "post": { + "description": { + "$ref": "desc/tags/tag_cve_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags-id-vuln", + "summary": "Set Tag Vulnerability Metadata" + } + }, + "/api/v32.06/tas-droplets": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets", + "summary": "Get TAS Droplets" + } + }, + "/api/v32.06/tas-droplets/addresses": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get_tas_addresses.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-addresses", + "summary": "TAS Cloud Controller Addresses" + } + }, + "/api/v32.06/tas-droplets/download": { + "get": { + "description": { + "$ref": "desc/tas-droplets/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-download", + "summary": "Download TAS Droplets" + } + }, + "/api/v32.06/tas-droplets/progress": { + "get": { + "description": { + "$ref": "desc/tas-droplets/progress_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-progress", + "summary": "View TAS Droplets Scan Progress" + } + }, + "/api/v32.06/tas-droplets/scan": { + "post": { + "description": { + "$ref": "desc/tas-droplets/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-scan", + "summary": "Scan TAS Droplets" + } + }, + "/api/v32.06/tas-droplets/stop": { + "post": { + "description": { + "$ref": "desc/tas-droplets/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-stop", + "summary": "Stop TAS Droplets Ongoing Scan" + } + }, + "/api/v32.06/trust/data": { + "get": { + "description": { + "$ref": "desc/trust/data_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + }, + "description": "Data holds the image trust data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-trust-data", + "summary": "Get Trusted Repository, Image, and Registry" + }, + "put": { + "description": { + "$ref": "desc/trust/data_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-trust-data", + "summary": "Update Trusted Repository, Image, and Registry" + } + }, + "/api/v32.06/users": { + "get": { + "description": { + "$ref": "desc/users/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.UserList" + } + } + }, + "description": "UserList represents a list of users" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-users", + "summary": "Get Users" + } + }, + "/api/v32.06/util/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-arm64-twistcli", + "summary": "Download ARM64 twistcli for Linux OS" + } + }, + "/api/v32.06/util/osx/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-arm64-twistcli", + "summary": "Download ARM64 twistcli for MacOS" + } + }, + "/api/v32.06/util/osx/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-twistcli", + "summary": "Download twistcli for MacOS" + } + }, + "/api/v32.06/util/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-twistcli", + "summary": "Download twistcli for Linux OS" + } + }, + "/api/v32.06/util/windows/twistcli.exe": { + "get": { + "description": { + "$ref": "desc/util/windows_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-windows-twistcli.exe", + "summary": "Download twistcli for Microsoft Windows" + } + }, + "/api/v32.06/version": { + "get": { + "description": { + "$ref": "desc/version/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Version" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-version", + "summary": "Get Prisma Cloud Compute Version" + } + }, + "/api/v32.06/vms": { + "get": { + "description": { + "$ref": "desc/vms/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms", + "summary": "Get VM Image Scan Results" + } + }, + "/api/v32.06/vms/download": { + "get": { + "description": { + "$ref": "desc/vms/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-download", + "summary": "Download VM Image Scan Results" + } + }, + "/api/v32.06/vms/labels": { + "get": { + "description": { + "$ref": "desc/vms/labels_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-labels", + "summary": "Get VM Image Tags" + } + }, + "/api/v32.06/vms/names": { + "get": { + "description": { + "$ref": "desc/vms/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-names", + "summary": "Get VM Image Names" + } + }, + "/api/v32.06/vms/scan": { + "post": { + "description": { + "$ref": "desc/vms/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-scan", + "summary": "Start VM Image Scan" + } + }, + "/api/v32.06/vms/stop": { + "post": { + "description": { + "$ref": "desc/vms/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-stop", + "summary": "Stop VM Image Scan" + } + }, + "/api/v32.06/waas/openapi-scans": { + "post": { + "description": { + "$ref": "desc/waas/openapi-scans_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + } + } + }, + "description": "OpenAPIScan represents the OpenAPI file scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Waas" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "post-waas-openapi-scans", + "summary": "Scan OpenAPI Specification File for WAAS Observations" + } + } + }, + "tags": [ + { + "name": "Active-Assets" + }, + { + "name": "Agentless", + "description": { + "$ref": "desc/agentless/agentless.md" + } + }, + { + "name": "Alert-Profiles" + }, + { + "name": "Application-Control", + "description": { + "$ref": "desc/application-control/application-control.md" + } + }, + { + "name": "Audits", + "description": { + "$ref": "desc/audits/audits.md" + } + }, + { + "name": "Authenticate", + "description": { + "$ref": "desc/authenticate/authenticate.md" + } + }, + { + "name": "Authenticate-Client", + "description": { + "$ref": "desc/authenticate-client/authenticate-client.md" + } + }, + { + "name": "Backups" + }, + { + "name": "Bff" + }, + { + "name": "Ccs" + }, + { + "name": "Certs", + "description": { + "$ref": "desc/certs/certs.md" + } + }, + { + "name": "Cloud", + "description": { + "$ref": "desc/cloud/cloud.md" + } + }, + { + "name": "Cloud-Scan-Rules" + }, + { + "name": "Cloud-Security-Agent" + }, + { + "name": "Clustered-Db" + }, + { + "name": "Coderepos-Ci" + }, + { + "name": "Collections", + "description": { + "$ref": "desc/collections/collections.md" + } + }, + { + "name": "Config" + }, + { + "name": "Containers", + "description": { + "$ref": "desc/containers/containers.md" + } + }, + { + "name": "Credentials", + "description": { + "$ref": "desc/credentials/credentials.md" + } + }, + { + "name": "Current" + }, + { + "name": "Custom-Compliance", + "description": { + "$ref": "desc/custom-compliance/custom-compliance.md" + } + }, + { + "name": "Custom-Rules", + "description": { + "$ref": "desc/custom-rules/custom-rules.md" + } + }, + { + "name": "Cves" + }, + { + "name": "Defenders", + "description": { + "$ref": "desc/defenders/defenders.md" + } + }, + { + "name": "Deployment" + }, + { + "name": "Feeds", + "description": { + "$ref": "desc/feeds/feeds.md" + } + }, + { + "name": "Forensic" + }, + { + "name": "Groups", + "description": { + "$ref": "desc/groups/groups.md" + } + }, + { + "name": "Harbor" + }, + { + "name": "Hosts", + "description": { + "$ref": "desc/hosts/hosts.md" + } + }, + { + "name": "Images", + "description": { + "$ref": "desc/images/images.md" + } + }, + { + "name": "Kubernetes" + }, + { + "name": "Logout" + }, + { + "name": "Logs" + }, + { + "name": "Policies", + "description": { + "$ref": "desc/policies/policies.md" + } + }, + { + "name": "Profiles", + "description": { + "$ref": "desc/profiles/profiles.md" + } + }, + { + "name": "Projects" + }, + { + "name": "Radar" + }, + { + "name": "Rbac" + }, + { + "name": "Registry", + "description": { + "$ref": "desc/registry/registry.md" + } + }, + { + "name": "Registry-Count" + }, + { + "name": "Runtime" + }, + { + "name": "Sandbox", + "description": { + "$ref": "desc/sandbox/sandbox.md" + } + }, + { + "name": "Sbom", + "description": { + "$ref": "desc/sbom/sbom_intro.md" + } + }, + { + "name": "Scans", + "description": { + "$ref": "desc/scans/scans.md" + } + }, + { + "name": "Scripts" + }, + { + "name": "Security-Advisor" + }, + { + "name": "Serverless", + "description": { + "$ref": "desc/serverless/serverless.md" + } + }, + { + "name": "Settings", + "description": { + "$ref": "desc/settings/settings.md" + } + }, + { + "name": "Signup", + "description": { + "$ref": "desc/signup/signup.md" + } + }, + { + "name": "Static" + }, + { + "name": "Stats", + "description": { + "$ref": "desc/stats/stats.md" + } + }, + { + "name": "Statuses", + "description": { + "$ref": "desc/statuses/statuses.md" + } + }, + { + "description": "This API is an officially supported route", + "externalDocs": { + "url": "https://cdn.twistlock.com/docs/api/twistlock_api.html" + }, + "name": "Supported API" + }, + { + "name": "Tags", + "description": { + "$ref": "desc/tags/tags.md" + } + }, + { + "name": "Tas-Droplets" + }, + { + "name": "Trust", + "description": { + "$ref": "desc/trust/trust.md" + } + }, + { + "name": "Trusted-Images" + }, + { + "name": "Users", + "description": { + "$ref": "desc/users/users.md" + } + }, + { + "name": "Util", + "description": { + "$ref": "desc/util/util.md" + } + }, + { + "name": "Version", + "description": { + "$ref": "desc/version/version.md" + } + }, + { + "name": "Vms", + "description": { + "$ref": "desc/vms/vms.md" + } + }, + { + "name": "Waas" + }, + { + "name": "Xsoar-Alerts" + }, + { + "name": "_Ping", + "description": { + "$ref": "desc/_ping/_ping.md" + } + } + ], + "servers": [ + { + "url": "PATH_TO_CONSOLE" + } + ] +} \ No newline at end of file diff --git a/openapi-specs/sase/mt-interconnect/paloaltonetworks-multitenant_interconnect.yaml b/openapi-specs/sase/mt-interconnect/paloaltonetworks-multitenant_interconnect.yaml new file mode 100644 index 000000000..a61089be6 --- /dev/null +++ b/openapi-specs/sase/mt-interconnect/paloaltonetworks-multitenant_interconnect.yaml @@ -0,0 +1,1961 @@ +components: + schemas: + AssignIPPoolEntry: + properties: + ipPoolId: + pattern: \S + type: string + required: + - ipPoolId + type: object + BackboneEntry: + properties: + connectionStats: + $ref: '#/components/schemas/ConnectionStats' + connections: + items: + $ref: '#/components/schemas/ConnectionEntry' + type: array + id: + type: string + name: + pattern: \S + type: string + status: + type: string + tenants: + items: + type: string + type: array + uniqueItems: true + required: + - name + type: object + BackboneFilter: + properties: + operator: + description: Always set to AND + type: string + rules: + anyOf: + - $ref: '#/components/schemas/BackboneRule' + - $ref: '#/components/schemas/TimeFilter' + items: + type: object + type: array + required: + - operator + type: object + BackboneProperty: + properties: + alias: + type: string + function: + description: Operations that need to be run on the property field. Operations + can be run only on number properties. + example: sum, avg + type: string + property: + description: Property field name. Property fields will be returned in the + API response. + example: ingress_throughput, egress_throughput, ingress_traffic, egress_traffic,backbone_name, + backbone_id, event_time, region + type: string + type: object + BackboneRule: + properties: + operator: + description: Filter operator that is one of the example values and is run + on the property field + example: in + type: string + property: + description: Filter property field that is one of the example values + example: backbone_name,backbone_id, region + type: string + values: + description: Filter property value + example: SP_Backbone1 if property is backbone_name + items: + type: string + type: array + type: object + Bandwidth: + enum: + - BPS_5G + - BPS_10G + - BPS_20G + - BPS_50G + type: string + ConnectionEntry: + properties: + bandwidth: + $ref: '#/components/schemas/Bandwidth' + bgpPeerAsn: + format: int64 + type: integer + bgpPeerIp: + type: string + bgpPeerStatus: + type: string + cloudRouterAsn: + format: int64 + type: integer + cloudRouterIp: + type: string + edgeAvailability: + $ref: '#/components/schemas/EdgeAvailability' + id: + type: string + med: + format: int64 + type: integer + monitorInfo: + type: object + msg: + type: string + name: + pattern: \S + type: string + pairingKey: + type: string + partnerEmail: + pattern: \S + type: string + partnerName: + pattern: \S + type: string + permittedActions: + items: + $ref: '#/components/schemas/SpInterconnectActions' + type: array + region: + pattern: \S + type: string + spInterconnectName: + type: string + state: + type: string + status: + type: string + tenantCount: + format: int64 + type: integer + tenants: + items: + type: string + type: array + upSince: + format: int64 + type: integer + required: + - name + - partnerName + - partnerEmail + - region + - edgeAvailability + - bandwidth + - bgpPeerAsn + type: object + ConnectionFilter: + properties: + operator: + description: Always set to AND + type: string + rules: + anyOf: + - $ref: '#/components/schemas/ConnectionRule' + - $ref: '#/components/schemas/TimeFilter' + items: + type: object + type: array + required: + - operator + type: object + ConnectionProperty: + properties: + alias: + type: string + function: + description: Operations that need to be run on the property field. Operations + can be run only on number properties. + example: sum, avg + type: string + property: + description: Property field name. Property fields will be returned in the + API response. + example: ingress_throughput, egress_throughput, ingress_traffic, egress_traffic,connection_name, + connection_id, event_time + type: string + type: object + ConnectionRule: + properties: + operator: + description: Filter operator that is one of the example values and is run + on the property field + example: in + type: string + property: + description: Filter property field that is one of the example values + example: connection_name, connection_id,backbone_name,backbone_id,event_time + type: string + values: + description: Filter property value + example: Connection1 if property is connection_name + items: + type: string + type: array + type: object + ConnectionStats: + properties: + active: + format: int64 + type: integer + failed: + format: int64 + type: integer + pending: + format: int64 + type: integer + staging: + format: int64 + type: integer + total: + format: int64 + type: integer + totalBandwidth: + type: string + type: object + EdgeAvailability: + enum: + - REDUNDANT + - ZONE1 + - ZONE2 + type: string + IPBlockEntry: + properties: + cidr: + items: + type: string + minItems: 1 + type: array + uniqueItems: true + edgeLocation: + pattern: \S + type: string + required: + - edgeLocation + - cidr + type: object + IPPoolEntry: + properties: + ipBlocks: + items: + $ref: '#/components/schemas/IPBlockEntry' + type: array + uniqueItems: true + ipProvider: + $ref: '#/components/schemas/IPProvider' + name: + pattern: \S + type: string + region: + pattern: \S + type: string + spContactEmail: + type: string + required: + - name + - region + - ipProvider + type: object + IPProvider: + enum: + - SP + - PANW + type: string + RequestBody_Backbone: + properties: + filter: + allOf: + - $ref: '#/components/schemas/BackboneFilter' + - description: filter json object + properties: + description: List of property json objects + items: + $ref: '#/components/schemas/BackboneProperty' + type: array + required: + - properties + - filter + type: object + RequestBody_Connection: + properties: + filter: + allOf: + - $ref: '#/components/schemas/ConnectionFilter' + - description: filter json object + properties: + description: List of property json objects + items: + $ref: '#/components/schemas/ConnectionProperty' + type: array + required: + - properties + - filter + type: object + SpInterconnectActions: + enum: + - DELETE_CONNECTION + type: string + TimeFilter: + properties: + operator: + description: Filter operator that is one of the example values and is run + on the property field + example: gt, lt, last_n_minutes, last_n_hours, last_n_days + type: string + property: + description: Filter property field that is one of the example values + example: event_time, update_time, updated_time + type: string + values: + description: Filter property value + example: minute, hour or day counts if property is event_time + items: + type: string + type: array + type: object + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: support@paloaltonetworks.com + description: "This Open API spec file represents the APIs available for\n[Palo Alto\ + \ Networks Interconnect](https://docs.paloaltonetworks.com/NEED-URL) APIs. The\ + \ Service Provider(SP) Interconnect API allows you to use SP Backbones like BT,\ + \ Orange, AT&T, and more for directing Prisma Access egress traffic.\nWithout\ + \ the SP Interconnect, Prisma Access egress traffic relies on public cloud providers\ + \ like GCP, AWS, and Azure for network backbone connectivity. \nThe SP Interconnect\ + \ API offers several benefits, including enhanced security, optimized network\ + \ costs, and realibility. \nYou can easily manage traffic routing preferences\ + \ on a per-SP and per-Prisma Access location or region basis, ensuring flexibility\ + \ and efficiency in network operations.\n\nThese APIs use the common SASE authentication\ + \ mechanism and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ + \ guide for more information.\n\nThis Open API spec file was created on June 04,\ + \ 2024. To check for a more recent version of this file, see\n[Interconnect APIs\ + \ on pan.dev](https://pan.dev/sase/api/mt-sp-interconnect/mt-interconnect-api.html).\n\ + \n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ + \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \nAll other marks mentioned herein may be trademarks of their respective companies.\n" + title: Multitenant Interconnect APIs + version: '1.0' +openapi: 3.0.0 +paths: + /api/cloud/2.0/interconnect/backbones: + get: + description: 'Lists all the created backbones along with the backbone ID. + + ' + operationId: get-api-cloud-2.0-interconnect-backbones + parameters: + - description: "A google backbone is set as a default query parameter. Unless\ + \ users specifies any other query parameter, the API will use Google's global\ + \ network\ninfrastructure for executing queries or routing traffic. \n" + in: query + name: defaultBackbone + schema: + type: boolean + responses: + '200': + content: + application/json: + examples: + Get all backbone for a particular tsgId: + value: + data: + - connectionStats: + active: 1 + failed: 2 + pending: 3 + staging: 4 + total: 10 + totalBandwidth: 0Mbps + connections: + - bandwidth: BPS_50M + bgpPeerAsn: 16550 + edgeAvailability: REDUNDANT + id: 0df743a9-05e5-40b7-bea7-8882560af564 + name: abc-edge-1 + partnerEmail: sp@mail.com + partnerName: sp_abc_name + region: us-central1 + state: CREATED_CONNECTION + status: PENDING + id: 3113b3ac-f808-42ba-afc0-6a94338cd61f + name: backbone-name + status: STAGING + tenants: + - '1234' + - '5678' + requestId: dab32ea4-a388-4886-b4f8-491d7ab10e4b + description: Success + '400': + description: Bad Request + security: + - Bearer: [] + summary: List backbones + tags: + - Backbone + post: + description: "You can create a backbone by providing a name. \n" + operationId: post-api-cloud-2.0-interconnect-backbones + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BackboneEntry' + responses: + '200': + content: + application/json: + examples: + Add a backbone: + value: + data: + id: 8c2f06b2-3e71-4833-9cc4-7c28af986630 + name: backbone_name9 + requestId: e1bff5ee-3478-4f74-bcac-ddf14670ef5d + description: Success + '400': + content: + application/json: + examples: + Add a backbone with invalid payload: + value: + error: + errorCode: 50001 + errorType: VALIDATION_ERROR + httpStatus: 400 + msg: Backbone name is empty! + requestId: 432568e0-05e2-4baa-8595-ed6bb4f98b64 + description: Bad Request + '409': + content: + application/json: + examples: + Add an already existing backbone: + value: + error: + errorCode: 50003 + errorType: VALIDATION_ERROR + httpStatus: 409 + msg: Backbone with name already exists! + requestId: 432568e0-05e2-4baa-8595-ed6bb4f98b64 + description: Conflict + '500': + content: + application/json: + examples: + Add backbone failed due to internal error: + value: + error: + errorCode: 50002 + errorType: INTERNAL_ERROR + httpStatus: 500 + msg: Failed to add Backbone in db + requestId: 432568e0-05e2-4baa-8595-ed6bb4f98b64 + description: Server Error + security: + - Bearer: [] + summary: Create backbone + tags: + - Backbone + /api/cloud/2.0/interconnect/backbones/{backboneId}: + delete: + description: "Delete a backbone using an ID. You can get the ID when you create\ + \ a backbone. \n" + operationId: delete-api-cloud-2.0-interconnect-backbones-backboneid + parameters: + - in: path + name: backboneId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Delete Backbone: + value: + data: Successfully Deleted Backbone + requestId: 7e656271-20f3-4fa4-9c4a-e0f455476fe9 + description: Success + '400': + description: Bad Request + '404': + content: + application/json: + examples: + Delete Backbone not found: + value: + error: + errorCode: 50004 + errorType: NOT_FOUND + httpStatus: 404 + msg: Backbone not found! + requestId: 33a4acfb-d3ee-491e-96ce-ccce0e8d3ba4 + description: Not Found + '500': + content: + application/json: + examples: + Delete Backbone failed: + value: + error: + errorCode: 50005 + errorType: INTERNAL_ERROR + httpStatus: 500 + msg: Backbone delete failed! + requestId: 33a4acfb-d3ee-491e-96ce-ccce0e8d3ba4 + description: Server Error + security: + - Bearer: [] + summary: Delete backbone + tags: + - Backbone + get: + description: "You can get details on the backbone using ID. \n" + operationId: get-api-cloud-2.0-interconnect-backbones-backboneid + parameters: + - description: 'Provide backbone ID + + ' + in: path + name: backboneId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Get backbone by Id: + value: + data: + connectionStats: + active: 0 + failed: 0 + pending: 1 + staging: 0 + total: 1 + totalBandwidth: 0Mbps + connections: + - bandwidth: BPS_50M + bgpPeerAsn: 16550 + edgeAvailability: REDUNDANT + id: 0df743a9-05e5-40b7-bea7-8882560af564 + name: abc-edge-1 + partnerEmail: sp@mail.com + partnerName: sp_abc_name + region: us-central1 + state: CREATED_CONNECTION + status: PENDING + id: 3113b3ac-f808-42ba-afc0-6a94338cd61f + name: backbone-name + status: PENDING + tenants: + - '1234' + - '5678' + requestId: cc0bf133-e1de-45d9-bdbc-f3fa31696717 + description: Success + '400': + description: Bad Request + '404': + content: + application/json: + examples: + Get backbone by Id not found: + value: + error: + errorCode: 50004 + errorType: NOT_FOUND + httpStatus: 404 + msg: Backbone not found! + requestId: 176b1c95-9801-4138-b7b7-3d7db83bd274 + description: Not Found + security: + - Bearer: [] + summary: Backbone details + tags: + - Backbone + /api/cloud/2.0/interconnect/backbones/{backboneId}/connections: + get: + description: "Get connection details using backbone ID. \n" + operationId: get-api-cloud-2.0-interconnect-backbones-backboneid-connections + parameters: + - description: 'Provide backbone ID + + ' + in: path + name: backboneId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Get Connections in a backbone: + value: + data: + - bandwidth: BPS_50M + bgpPeerAsn: 16550 + edgeAvailability: ZONE1 + id: dee52272-d1e2-4b88-9ebc-a5e70e414d58 + name: abc-edge-1 + partnerEmail: sp@mail.com + partnerName: sp_abc_name + region: us-central1 + state: NOT_STARTED + status: PENDING + requestId: 36ea5c86-bf56-4e7a-ad8b-19f246532937 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Connection details + tags: + - Connection + post: + description: 'Create a connection using backbone ID. + + ' + operationId: post-api-cloud-2.0-interconnect-backbones-backboneid-connections + parameters: + - description: 'Provide backbone ID + + ' + in: path + name: backboneId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ConnectionEntry' + responses: + '201': + content: + application/json: + examples: + Add connection in backbone: + value: + data: + - bandwidth: BPS_50M + bgpPeerAsn: 16550 + edgeAvailability: enum(REDUNDANT/ZONE1/ZONE2) + id: 242e46fd-8408-40ea-b815-8dcd4ad73ad5 + name: abc-edge-1 + partnerEmail: sp@mail.com + partnerName: sp_abc_name + region: us-central1 + state: NOT_STARTED + status: enum(PENDING/STAGING/ACTIVE/FAILED) + tenants: 0 + - bandwidth: BPS_50M + bgpPeerAsn: 16550 + edgeAvailability: enum(REDUNDANT/ZONE1/ZONE2) + id: 5982d9c3-2bce-4e21-b9ae-ad769e10c939 + name: abc-edge-2 + partnerEmail: sp@mail.com + partnerName: sp_abc_name + region: us-central1 + state: NOT_STARTED + status: enum(PENDING/STAGING/ACTIVE/FAILED) + tenants: 0 + requestId: 9b1ee5d1-0912-4aca-a8cd-b1fc1d662f0c + description: Success + '400': + description: Bad Request + '404': + content: + application/json: + examples: + Add connection, backbone not found: + value: + error: + errorCode: 50004 + errorType: NOT_FOUND + httpStatus: 404 + msg: Backbone not found! + requestId: d42dba1a-23f1-4818-813b-2da9f35c95bb + description: Bad Request + '500': + content: + application/json: + examples: + Add connection failed in GCP: + value: + error: + errorCode: 50020 + errorType: INTERNAL_ERROR + httpStatus: 500 + msg: Failed adding Cloud Router in GCP! + requestId: d42dba1a-23f1-4818-813b-2da9f35c95bb + description: Server Error + security: + - Bearer: [] + summary: Create Connection + tags: + - Connection + /api/cloud/2.0/interconnect/backbones/{backboneId}/connections/{connectionId}: + delete: + description: "Delete a connection using backbone ID. \n" + operationId: delete-api-cloud-2.0-interconnect-backbones-backboneid-connections-connectionid + parameters: + - description: 'Provide backbone ID + + ' + in: path + name: backboneId + required: true + schema: + type: string + - in: path + name: connectionId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Delete Backbone: + value: + data: Successfully Deleted Connection + requestId: 7e656271-20f3-4fa4-9c4a-e0f455476fe9 + description: Success + '400': + description: Bad Request + '404': + content: + application/json: + examples: + Delete Connection not found: + value: + error: + errorCode: 50007 + errorType: NOT_FOUND + httpStatus: 404 + msg: Connection not found! + requestId: cf32af05-7df6-4dd2-b27e-7b6ef2683145 + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Delete Connection + tags: + - Connection + get: + description: 'Get connection details using ID. + + ' + operationId: get-api-cloud-2.0-interconnect-backbones-backboneid-connections-connectionid + parameters: + - description: 'Provide backbone ID + + ' + in: path + name: backboneId + required: true + schema: + type: string + - in: path + name: connectionId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Get Connection by Id: + value: + data: + bandwidth: BPS_50M + bgpPeerAsn: 16550 + edgeAvailability: ZONE1 + id: dee52272-d1e2-4b88-9ebc-a5e70e414d58 + name: abc-edge-1 + partnerEmail: sp@mail.com + partnerName: sp_abc_name + region: us-central1 + state: CREATED_CONNECTION + status: PENDING + requestId: 138de731-25c2-4001-8ea5-d81992c146d7 + description: Success + '400': + description: Bad Request + '404': + content: + application/json: + examples: + Get connection by Id not found: + value: + error: + errorCode: 50007 + errorType: NOT_FOUND + httpStatus: 404 + msg: Connection not found! + requestId: 7c066854-29e8-43a9-b5ae-052362693578 + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Connection details by ID + tags: + - Connection + /api/cloud/2.0/interconnect/ip-pool: + get: + description: "Get details of all the IP Pools. \n" + operationId: get-api-cloud-2.0-interconnect-ip-pool + responses: + '200': + content: + application/json: + examples: + List IP Pools: + value: + data: + - id: 9c68ad1e-5112-4dd2-9b8d-b55708dd2f00 + ipBlocks: + - cidr: + - 14.3.0.0/24 + - 14.1.0.0/24 + displayName: US West + edgeLocation: us-west-1 + - cidr: + - 14.1.0.0/24 + displayName: US Southwest + edgeLocation: us-west-201 + ipProvider: SP + name: demo-1 + permittedActions: + - UPDATE_IP_POOL + region: us-west2 + state: SUBNETWORK_UPDATE_CIDR_COMPLETE + status: READY + tsgId: '1091039496' + - id: a55d7799-997d-4cb3-8d68-318f1909b842 + ipBlocks: + - cidr: + - 4.56.78.0/25 + displayName: Senegal + edgeLocation: senegal + ipProvider: SP + name: sample-24 + permittedActions: + - ASSIGN_IP_POOL + - DELETE_IP_POOL + - UPDATE_IP_POOL + region: europe-west1 + state: NOT_STARTED + status: PENDING + tsgId: '1091039496' + requestId: 86062188-ccb4-4d22-8c00-de0a49fed038 + description: Success + '400': + description: Bad Request + security: + - Bearer: [] + summary: IP Pools details + tags: + - IPPool + post: + description: 'Create a new IP Pool by selecting either Prisma Access or get + your own IP. + + ' + operationId: post-api-cloud-2.0-interconnect-ip-pool + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IPPoolEntry' + responses: + '201': + content: + application/json: + examples: + Add an IP Pool: + value: + data: + id: 7673a661-a98b-4202-b70a-8edc3934a3f5 + ipBlocks: + - cidr: + - 21.58.1.0/29 + edgeLocation: mexico-central + ipProvider: SP + name: ip-pool-test + permittedActions: + - ASSIGN_IP_POOL + - DELETE_IP_POOL + - UPDATE_IP_POOL + region: us-south1 + state: NOT_STARTED + status: PENDING + tsgId: '1091039496' + requestId: a097e994-e9e2-4b7a-8c52-606f9a60b42b + description: Success + '400': + description: Bad Request + '500': + description: Internal Error + security: + - Bearer: [] + summary: Create IP Pool + tags: + - IPPool + /api/cloud/2.0/interconnect/ip-pool/assign: + post: + description: "After you create an IP Pool, you can assign a region and the status\ + \ becomes active. \n\nNote: Once you assign an IP Pool, you cannot update\ + \ or delete an IP Pool. \n" + operationId: post-api-cloud-2.0-interconnect-ip-pool-assign + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AssignIPPoolEntry' + responses: + '200': + content: + application/json: + examples: + Assign an IP Pool: + value: + data: + id: 7673a661-a98b-4202-b70a-8edc3934a3f5 + ipBlocks: + - cidr: + - 21.58.1.0/29 + displayName: Mexico Central + edgeLocation: mexico-central + ipProvider: SP + name: ip-pool-test + permittedActions: [] + region: us-south1 + state: SUBNETWORK_UPDATE_CIDR_IN_PROGRESS + status: IN_PROGRESS + tsgId: '1091039496' + requestId: 6eb154b3-5ac0-441c-a8e4-a092f5b5b588 + description: Success + '400': + description: Bad Request + '500': + description: Internal Error + security: + - Bearer: [] + summary: Assign IP Pool + tags: + - IPPool + /api/cloud/2.0/interconnect/ip-pool/region: + get: + description: 'Get IP Pool regions and edge locations. + + ' + operationId: get-api-cloud-2.0-interconnect-ip-pool-region + responses: + '200': + content: + application/json: + examples: + Get IP Pool regions/edge locations: + value: + data: + - edgeLocation: + - displayName: US Southwest + edgeLocation: us-west-201 + - displayName: US West + edgeLocation: us-west-1 + region: us-west2 + - edgeLocation: + - displayName: US Central West + edgeLocation: us-west-3 + region: us-west3 + requestId: e459bba9-ca17-4bfa-a55a-f7305a7e8f75 + description: Success + security: + - Bearer: [] + summary: IP Pool regions + tags: + - IPPool + /api/cloud/2.0/interconnect/ip-pool/{ipPoolId}: + delete: + description: 'Delete an IP Pool using an ID. + + ' + operationId: delete-api-cloud-2.0-interconnect-ip-pool-ippoolid + parameters: + - description: 'Provide IP Pool ID + + ' + in: path + name: ipPoolId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Delete IP Pool by id: + value: + data: IP Pool successfully deleted + requestId: e34443d5-dfbd-482b-a76c-5d753034efc0 + description: Success + security: + - Bearer: [] + summary: Delete IP Pool + tags: + - IPPool + get: + description: 'Get IP pool details by prividing an ID. + + ' + operationId: get-api-cloud-2.0-interconnect-ip-pool-ippoolid + parameters: + - in: path + name: ipPoolId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Get IP Pool by id: + value: + data: + id: 9c68ad1e-5112-4dd2-9b8d-b55708dd2f00 + ipBlocks: + - cidr: + - 14.1.0.0/24 + cidrInUse: + - 14.1.0.0/24 + displayName: US Southwest + edgeLocation: us-west-201 + - cidr: + - 14.3.0.0/24 + - 14.1.0.0/24 + cidrInUse: + - 14.3.0.0/24 + - 14.1.0.0/24 + displayName: US West + edgeLocation: us-west-1 + ipProvider: SP + name: demo-1 + permittedActions: + - UPDATE_IP_POOL + region: us-west2 + state: SUBNETWORK_UPDATE_CIDR_COMPLETE + status: READY + tsgId: '1091039496' + requestId: adfa0a27-fe75-45ed-bf6d-48d82816f322 + description: Success + '400': + description: Bad Request + security: + - Bearer: [] + summary: IP Pool by ID + tags: + - IPPool + put: + description: 'Update an IP Pool using an ID. + + ' + operationId: put-api-cloud-2.0-interconnect-ip-pool-ippoolid + parameters: + - description: 'Provide IP Pool ID + + ' + in: path + name: ipPoolId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IPPoolEntry' + responses: + '200': + content: + application/json: + examples: + Update IP Pool: + value: "{\n \"data\": {\n \"id\": \"7673a661-a98b-4202-b70a-8edc3934a3f5\"\ + ,\n \"ipBlocks\": [\n {\n \ + \ \"cidr\": [\n \"21.58.2.0/29\"\n \ + \ ],\n \"displayName\": \"Mexico\ + \ Central\",\n \"edgeLocation\": \"mexico-central\"\ + \n }\n ],\n \"ipProvider\": \"\ + SP\",\n \"name\": \"ip-pool-test\",\n \"permittedActions\"\ + : [],\n \"region\": \"us-south1\",\n \"state\"\ + : \"NOT_STARTED\",\n \"status\": \"PENDING\"\n \ + \ \"tsgId\": \"1091039496\"\n },\n \"requestId\"\ + : \"6eb154b3-5ac0-441c-a8e4-a092f5b5b588\"\n}" + description: Success + '400': + description: Bad Request + '500': + description: Internal Error + security: + - Bearer: [] + summary: Update IP Pool + tags: + - IPPool + /api/cloud/2.0/interconnect/monitor/backbones/theatres: + get: + description: 'Monitor a group of regions. + + ' + operationId: get-api-cloud-2.0-interconnect-monitor-backbones-theatres + parameters: + - description: 'Provide backbone ID + + ' + in: query + name: backboneId + schema: + type: string + - in: query + name: tsgId + schema: + type: string + responses: + '200': + content: + application/json: + examples: + Theatre to Region Mapping: + value: + - region: + - Test + - Test1 + theatre: Theatre1 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Monitor regions + tags: + - BackboneMonitoring + /api/cloud/2.0/interconnect/monitor/backbones/throughput: + post: + description: "Provides comprehensive data on the rate of ingress and egress\ + \ data traffic, offering insights into bandwidth utilization and network performance.\ + \ \n" + operationId: post-api-cloud-2.0-interconnect-monitor-backbones-throughput + requestBody: + content: + application/json: + examples: + Throughput By Backbone: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: backbone_id + values: + - '1' + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: backbone_name + - property: backbone_id + - property: event_time + - property: egress_throughput + - property: ingress_throughput + Throughput By Region: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: region + values: + - us-east1 + - us-west1 + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: region + - property: event_time + - property: egress_throughput + - property: ingress_throughput + schema: + $ref: '#/components/schemas/RequestBody_Backbone' + responses: + '200': + content: + application/json: + examples: + Throughput By Backbone: + value: + - backbone_id: 10 + backbone_name: Test + egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + - backbone_id: 10 + backbone_name: Test + egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + Throughput By Region: + value: + - egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + region: us-west1 + - egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + region: us-west2 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Ingress/Egress throughput + tags: + - BackboneMonitoring + /api/cloud/2.0/interconnect/monitor/backbones/throughput/{tsgId}: + post: + description: "Provides detailed measurements of the rate at which data is transmitted\ + \ into and out of a network for \neach individual tenant within a multi-tenant\ + \ environment.\n" + operationId: post-api-cloud-2.0-interconnect-monitor-backbones-throughput-tsgid + parameters: + - description: "A sub-tenant TSG ID retrieves and provides the unique indentifier\ + \ (TSG ID) associated with a specific sub-tenant within the multi-tenant\ + \ architecture, \nproviding precise tenant management and resource allocation.\ + \ \n" + example: 123456789 + in: path + name: tsgId + required: true + schema: + type: string + requestBody: + content: + application/json: + examples: + Throughput By Backbone per Tenant: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: backbone_id + values: + - '1' + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: backbone_name + - property: backbone_id + - property: event_time + - property: egress_throughput + - property: ingress_throughput + Throughput By Region per Tenant: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: region + values: + - us-east1 + - us-west1 + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: region + - property: event_time + - property: egress_throughput + - property: ingress_throughput + schema: + $ref: '#/components/schemas/RequestBody_Backbone' + responses: + '200': + content: + application/json: + examples: + Throughput By Backbone per Tenant: + value: + - backbone_id: 10 + backbone_name: Test + egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + - backbone_id: 10 + backbone_name: Test + egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + Throughput By Region per Tenant: + value: + - egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + region: us-west1 + - egress_throughput: 100.0 + event_time: 34567890 + ingress_throughput: 89.0 + region: us-west2 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Ingress/Egress throughput by tenant + tags: + - BackboneMonitoring + /api/cloud/2.0/interconnect/monitor/backbones/traffic: + post: + description: "Provides details on ingress/egress network traffic specific to\ + \ each tenant within a multi-tenant environment. \n" + operationId: post-api-cloud-2.0-interconnect-monitor-backbones-traffic + parameters: + - description: "Duration for which the network or application state is considered\ + \ valid. \n" + example: false + in: query + name: lifeTime + schema: + type: boolean + requestBody: + content: + application/json: + examples: + Backbone Data Transfer Over Time: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: backbone_name + - property: backbone_id + - function: sum + property: egress_traffic + - function: sum + property: ingress_traffic + Backbone Egress Data Transfer: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + properties: + - property: backbone_name + - property: backbone_id + - function: sum + property: egress_traffic + Backbone Egress Data Transfer Lifetime: + value: + filter: + operator: AND + rules: + - operator: lessThan + property: event_time + values: + - 1234567890 + properties: + - property: backbone_name + - property: backbone_id + - function: sum + property: egress_traffic + schema: + $ref: '#/components/schemas/RequestBody_Backbone' + responses: + '200': + content: + application/json: + examples: + Backbone Data Transfer Over Time: + value: + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + event_time: 34567890 + ingress_traffic: 89.0 + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + event_time: 34567987 + ingress_traffic: 89.0 + Backbone Egress Data Transfer: + value: + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + Backbone Egress Data Transfer Lifetime: + value: + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Ingress/Egress traffic + tags: + - BackboneMonitoring + /api/cloud/2.0/interconnect/monitor/backbones/traffic/{tsgId}: + post: + description: 'Retrieves the ingress/egress traffic data categorized by tenant. + + ' + operationId: post-api-cloud-2.0-interconnect-monitor-backbones-traffic-tsgid + parameters: + - description: "A sub-tenant TSG ID retrieves and provides the unique indentifier\ + \ (TSG ID) associated with a specific sub-tenant within the multi-tenant\ + \ architecture, \nproviding precise tenant management and resource allocation.\ + \ \n" + example: 123456789 + in: path + name: tsgId + required: true + schema: + type: string + - example: false + in: query + name: lifeTime + schema: + type: boolean + requestBody: + content: + application/json: + examples: + Backbone Data Transfer Over Time per Tenant: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: backbone_name + - property: backbone_id + - property: event_time + - property: egress_traffic + - property: ingress_traffic + Backbone Egress Data Transfer Lifetime per Tenant: + value: + filter: + operator: AND + rules: + - operator: lessThan + property: event_time + values: + - 1234567890 + properties: + - property: backbone_name + - property: backbone_id + - property: egress_traffic + Backbone Egress Data Transfer per Tenant: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + properties: + - property: backbone_name + - property: backbone_id + - property: egress_traffic + schema: + $ref: '#/components/schemas/RequestBody_Backbone' + responses: + '200': + content: + application/json: + examples: + Backbone Data Transfer Over Time per Tenant: + value: + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + event_time: 34567890 + ingress_traffic: 89.0 + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + event_time: 34567987 + ingress_traffic: 89.0 + Backbone Egress Data Transfer Lifetime per Tenant: + value: + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + Backbone Egress Data Transfer per Tenant: + value: + - backbone_id: 10 + backbone_name: Test + egress_traffic: 100.0 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Ingress/Egress traffic by tenant + tags: + - BackboneMonitoring + /api/cloud/2.0/interconnect/monitor/connections/connectionStats: + post: + description: "Offers detailed metrics on the performance and realibity of a\ + \ network connection. \n" + operationId: post-api-cloud-2.0-interconnect-monitor-connections-connectionstats + requestBody: + content: + application/json: + examples: + Connections: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + properties: + - property: connection_name + - property: backbone_name + - function: avg + property: egress_throughput + - function: avg + property: ingress_throughput + Connections Per Backbone: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: backbone_name + values: + - backbone1 + properties: + - property: connection_name + - function: avg + property: egress_throughput + - function: avg + property: ingress_throughput + - property: backbone_name + schema: + $ref: '#/components/schemas/RequestBody_Connection' + responses: + '200': + content: + application/json: + examples: + Connections: + value: + - backbone_name: backbone1 + connection_name: connection1 + egress_throughput: 100.0 + ingress_throughput: 89.0 + status: ACTIVE + tenants: 5 + upTime: 123456 + Connections Per Backbone: + value: + - backbone_name: backbone1 + connection_name: connection1 + egress_throughput: 100.0 + ingress_throughput: 89.0 + status: ACTIVE + tenants: 5 + upTime: 123456 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Connection statistics + tags: + - ConnectionMonitoring + /api/cloud/2.0/interconnect/monitor/connections/latency: + post: + description: "Provides precise measurements of the time delay experienced in\ + \ data transmission across a network connection, \nenabling real-time monitoring\ + \ and optimization of network performance. \n" + operationId: post-api-cloud-2.0-interconnect-monitor-connections-latency + requestBody: + content: + application/json: + examples: + Connection Latency to PA Edge: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: connection_id + values: + - '12345' + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: region + - property: latency + - property: event_time + schema: + $ref: '#/components/schemas/RequestBody_Connection' + responses: + '200': + content: + application/json: + examples: + Connection Latency to PA Edge: + value: + - connection_name: connection1 + event_time: 9876547 + latency: 100.0 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Latency materics + tags: + - ConnectionMonitoring + /api/cloud/2.0/interconnect/monitor/connections/throughput: + post: + description: "Provides detailed metrics on the rate of incoming (ingress) and\ + \ outgoing (egress) data traffic, allowing for \nreal-time monitoring and\ + \ analysis of network performance and bandwidth utilization. \n" + operationId: post-api-cloud-2.0-interconnect-monitor-connections-throughput + requestBody: + content: + application/json: + examples: + Ingress Egress Throughput: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: connection_name + values: + - connection1 + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: connection_name + - function: avg + property: egress_throughput + - function: avg + property: ingress_throughput + - property: connection_id + - property: event_time + schema: + $ref: '#/components/schemas/RequestBody_Connection' + responses: + '200': + content: + application/json: + examples: + Ingress Egress Throughput: + value: + - connection_id: id1 + connection_name: connection1 + egress_throughput: 100.0 + event_time: 9876547 + ingress_throughput: 89.0 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Ingress/Egress throughput + tags: + - ConnectionMonitoring + /api/cloud/2.0/interconnect/monitor/connections/traffic: + post: + description: "Provides comprehensive data on incoming (ingress) and outgoing\ + \ (egress) netwrok traffic, \nenabling moniotoring and anlysis of traffic\ + \ patterns, bandwidth usage, and network performance. \n" + operationId: post-api-cloud-2.0-interconnect-monitor-connections-traffic + requestBody: + content: + application/json: + examples: + Ingress Egress Data Transfer: + value: + filter: + operator: AND + rules: + - operator: last_n_days + property: event_time + values: + - 7 + - operator: in + property: connection_name + values: + - connection1 + histogram: + enableEmptyInterval: false + property: event_time + range: day + value: '1' + properties: + - property: connection_name + - function: sum + property: egress_traffic + - function: sum + property: ingress_traffic + - property: connection_id + schema: + $ref: '#/components/schemas/RequestBody_Connection' + responses: + '200': + content: + application/json: + examples: + Ingress Egress Data Transfer: + value: + - connection_id: id1 + connection_name: connection1 + egress_traffic: 100.0 + event_time: 9876547 + ingress_traffic: 89.0 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: Ingress/Egress traffic + tags: + - ConnectionMonitoring + /api/cloud/2.0/interconnect/monitor/ip-pool-usage: + get: + description: "Provides a real-time and historical data on the allocation and\ + \ utilization of IP addresses within a specified pool, enabling efficient\ + \ network resource management. \n" + operationId: get-api-cloud-2.0-interconnect-monitor-ip-pool-usage + responses: + '200': + content: + application/json: + examples: + IP Pool Usage: + value: + - configuredIps: 768 + incidentCount: 0 + location: US West + name: anil + percentageUsed: 0.0 + region: us-west2 + usedIps: 0 + description: Success + '400': + description: Bad Request + '500': + description: Server Error + security: + - Bearer: [] + summary: IP Pool usage + tags: + - IPPoolMonitor + /api/cloud/2.0/interconnect/regions: + get: + description: "Get list of all the supported regions and you can use this during\ + \ the creation of a connection. \n" + operationId: get-api-cloud-2.0-interconnect-regions + responses: + '200': + content: + application/json: + examples: + Get Regions: + value: + data: + - asia-east1 + - asia-east2 + - asia-south1 + - asia-south2 + - asia-southeast1 + - asia-southeast2 + - australia-southeast1 + - australia-southeast2 + - europe-north1 + - europe-southwest1 + - europe-west1 + - europe-west2 + - europe-west3 + - europe-west4 + - europe-west6 + - europe-west8 + - europe-west9 + - northamerica-northeast1 + - northamerica-northeast2 + - southamerica-east1 + - southamerica-west1 + - us-central1 + - us-east1 + - us-east4 + - us-south1 + - us-west1 + - us-west2 + requestId: 06bd35c6-e446-4e2a-96ae-a6b05607084b + description: Success + security: + - Bearer: [] + summary: Supported regions + tags: + - Region +servers: +- url: https://api.sase.paloaltonetworks.com +tags: +- description: "A Backbone is a virtual grouping of network connections. It serves\ + \ as the core structure around which other elements like connections and tenants\ + \ are organized. \nManaging a backbone allows you to oversee the connections and\ + \ tenants associated with it, providing a centralized point for monitoring and\ + \ control.\n" + name: Backbone API +- description: "A Connection represents a link between different network segments\ + \ or regions. Creating and managing connections allows for the integration and\ + \ interaction of various parts of your network infrastructure. \nEach connection\ + \ is associated with a specific backbone, enabling detailed monitoring and management.\ + \ \n" + name: Connection API +- description: "You can select or assign an IP Pool to a region of your choice from\ + \ the given list. \n" + name: Region API +- description: "Monitor the performance and status of all backbones. You can track\ + \ egress and ingress throughput, view detailed egress and ingress statistics,\ + \ and monitor egress and ingress throughput by providing tenant information. \n\ + Additionally, you can view egress and ingress statistics by tenant and get an\ + \ autogenerated summary of the backbone's overall performance and status.\n" + name: Backbone Monitoring API +- description: "Monitor the performance and details of all connections. This includes\ + \ providing connection statistics, latency details, and connection statistics\ + \ through egress and ingress throughput. \nAdditionally, you can monitor egress\ + \ and ingress traffic for each connection.\n" + name: Connection Monitoring API +- description: "An IP Pool is a collection of IP addresses that can be assigned to\ + \ different regions within your network. You can either use IP address provided\ + \ by Prisma Access or bring your own IP address.\nManaging IP pools includes creating,updating,assigning\ + \ to regions, and deleting IP pools based on your network requirements. \n" + name: IP Pool API +- description: "Provides details on the IP Pool usage. \n" + name: IP Pool Monitoring API diff --git a/openapi-specs/sase/remote-networks/paloaltonetworks-Remote_Networks.yaml b/openapi-specs/sase/remote-networks/paloaltonetworks-Remote_Networks.yaml new file mode 100644 index 000000000..6a23a0040 --- /dev/null +++ b/openapi-specs/sase/remote-networks/paloaltonetworks-Remote_Networks.yaml @@ -0,0 +1,2586 @@ +components: + parameters: + Lattitude: + description: lattitude of a region + in: query + name: lattitude + required: true + schema: + type: string + Limit: + description: number of nearest locations + in: query + name: limit + schema: + default: 1 + format: int32 + type: integer + LocationInfoType: + description: Type of info queried + in: query + name: info_type + required: false + schema: + type: string + Longitude: + description: longitude of a region + in: query + name: longitude + required: true + schema: + type: string + Region: + description: agg bandwidth region + in: query + name: region + required: true + schema: + type: string + RemoteNetworksNames: + explode: true + in: query + name: Name + required: false + schema: + items: + type: string + type: array + style: deepObject + SiteNames: + in: query + name: SiteNames + schema: + items: + type: string + type: array + SpnName: + description: agg bandwidth region + in: query + name: SpnName + required: true + schema: + type: string + SubTenantName: + description: sub tenant name in a multi-tenancy setup + in: query + name: SubTenantName + schema: + type: string + folder-optional: + description: The folder for cloud config management + in: query + name: folder + required: false + schema: + type: string + limit-optional: + description: The max count in result entry (count per page) + in: query + name: limit + required: false + schema: + type: integer + name-optional: + description: The name of the entry + in: query + name: name + required: false + schema: + type: string + offset-optional: + description: The offset of the result entry + in: query + name: offset + required: false + schema: + type: integer + uuid: + description: uuid for the request + in: query + name: id + required: true + schema: + format: uuid + type: string + responses: + access_errors: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Forbidden + auth_errors: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Unauthorized + bad_request_errors_basic: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Bad Request + bad_request_errors_basic_with_body: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Bad Request + default_errors: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: General Errors + not_found: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Not Found + schemas: + BandwidthAllocation: + properties: + bandwidth: + description: bandwidth to allocate in Mbps + type: string + compute_location: + description: aggregate compute region + type: string + edge_location: + description: edge location for given lat/long/ip + type: string + ipsec_node_list: + description: ipsec node list + items: + type: string + type: array + location: + $ref: '#/components/schemas/Location' + required: + - location + - bandwidth + type: object + BandwidthAllocationRegionNamesSet: + properties: + bandwidth_allocation_region_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + BandwidthAllocationSet: + properties: + bandwidth_allocations: + description: bandwidth allocations + items: + $ref: '#/components/schemas/BandwidthAllocation' + type: array + uuid: + $ref: '#/components/schemas/UuidResponse' + type: object + BandwidthAllocationSetV2: + properties: + bandwidth_allocations: + description: bandwidth allocations + items: + $ref: '#/components/schemas/BandwidthAllocationV2' + type: array + uuid: + $ref: '#/components/schemas/UuidResponse' + type: object + BandwidthAllocationV2: + properties: + bandwidth: + description: bandwidth to allocate in Mbps + type: string + compute_location: + description: aggregate compute region + type: string + edge_location: + description: edge location for given lat/long/ip + type: string + ipsec_node_list: + description: ipsec node list + items: + type: string + type: array + ipsec_termination_service: + description: ipsec termination service list + items: + properties: + capacity: + type: integer + name: + type: string + type: object + type: array + location: + $ref: '#/components/schemas/Location' + required: + - location + - bandwidth + type: object + ConfigRead: + properties: + config: + properties: + bandwidth_allocations: + items: + properties: + bandwidth: + type: string + compute_location: + type: string + ipsec_termination_service: + items: + properties: + capacity: + type: string + name: + type: string + type: object + type: array + spn_name_list: + items: + type: string + type: array + type: object + type: array + ike_crypto_profiles: + items: + properties: + dh-group: + properties: + member: + type: string + type: object + encryption: + properties: + member: + type: string + type: object + hash: + properties: + member: + type: string + type: object + lifetime: + properties: + hours: + type: string + type: object + name: + type: string + type: object + type: array + ipsecrypto_profiles: + items: + properties: + dh-group: + type: string + esp: + properties: + authentication: + properties: + member: + type: string + type: object + encryption: + properties: + member: + type: string + type: object + type: object + lifetime: + properties: + hours: + type: string + type: object + name: + type: string + type: object + type: array + remote_networks: + items: + properties: + ecmp-load-balancing: + type: string + ipsec-tunnel: + type: string + license-type: + type: string + name: + type: string + protocol: + properties: + bgp: + properties: + enable: + type: string + type: object + type: object + region: + type: string + secondary-wan-enabled: + type: string + spn-name: + type: string + subnets: + properties: + member: + items: + type: string + type: array + type: object + type: object + type: array + type: object + resources: + items: + enum: + - remote_networks + - ipsec_crypto_profiles + - ike_crypto_profiles + - bandwidth_allocations + type: string + type: array + type: object + ConfigResources: + properties: + resources: + items: + enum: + - remote_networks + - ipsec_crypto_profiles + - ike_crypto_profiles + - bandwidth_allocations + type: string + type: array + type: object + EcmpLoadBalancing: + properties: + ecmp_load_balancing_enabled: + default: disable + enum: + - enable + - disable + type: string + ecmp_tunnels: + description: ecmp_tunnels is required when ecmp_load_balancing is enable + items: + properties: + do_not_export_routes: + type: boolean + ipsec_tunnel: + $ref: '#/components/schemas/IpsecTunnel' + local_ip_address: + type: string + name: + type: string + originate_default_route: + type: boolean + peer_as: + type: string + peer_ip_address: + type: string + peering_type: + description: 'Exchange Routes: exchange-v4-over-v4 stands for Exchange + IPv4 routes over IPv4 peering. exchange-v4-v6-over-v4 stands for + Exchange both IPv4 and IPv6 routes over IPv4 peering. exchange-v4-over-v4-v6-over-v6 + stands for Exchange IPv4 routes over IPv4 peer and IPv6 route over + IPv6 peer. exchange-v6-over-v6 stands for Exchange IPv6 routes over + IPv6 peering.' + enum: + - exchange-v4-over-v4 + - exchange-v4-v6-over-v4 + - exchange-v4-over-v4-v6-over-v6 + - exchange-v6-over-v6 + type: string + secret: + type: string + summarize_mobile_user_routes: + type: boolean + required: + - name + - ipsec_tunnel + type: object + maxLength: 4 + type: array + type: object + Ike: + properties: + advanced: + $ref: '#/components/schemas/IkeAdvanced' + authentication: + properties: + pre_shared_key_auth: + description: user provided key + type: string + type: object + crypto: + oneOf: + - $ref: '#/components/schemas/IkeCryptoProfiles' + - $ref: '#/components/schemas/IkeCrypto' + type: object + local_id: + properties: + id: + description: Local ID string + maxLength: 1024 + minLength: 1 + pattern: ^(.+\@[a-zA-Z0-9.-]+)$|^([$a-zA-Z0-9_:.-]+)$|^(([[:xdigit:]][[:xdigit:]])+)$|^([a-zA-Z0-9.]+=(\\,|[^,])+[, + ]+)*([a-zA-Z0-9.]+=(\\,|[^,])+)$ + type: string + type: + type: string + type: object + peer_address: + oneOf: + - properties: + ip: + description: peer gateway has static IP address + type: string + title: ip + type: object + - properties: + fqdn: + description: peer gateway FQDN name + maxLength: 255 + type: string + title: fqdn + type: object + - properties: + dynamic: + default: {} + type: object + title: dynamic + type: object + type: object + peer_id: + properties: + id: + description: Peer ID string + maxLength: 1024 + minLength: 1 + pattern: ^(.+\@[\*a-zA-Z0-9.-]+)$|^([\*$a-zA-Z0-9_:.-]+)$|^(([[:xdigit:]][[:xdigit:]])+)$|^([a-zA-Z0-9.]+=(\\,|[^,])+[, + ]+)*([a-zA-Z0-9.]+=(\\,|[^,])+)$ + type: string + type: + enum: + - ipaddr + - keyid + - fqdn + - ufqdn + type: string + type: object + required: + - authentication + - crypto + - peer_address + type: object + IkeAdvanced: + properties: + fragmentation: + properties: + enable: + default: false + enum: + - false + type: boolean + type: object + nat_traversal: + properties: + enable: + type: boolean + type: object + passive_mode: + type: boolean + type: object + IkeCrypto: + properties: + ipsec_crypto_profile: + example: + - ike_aruba + - ike_aryaka + - ike_citrix + - ike_riverbed + type: string + type: object + IkeCryptoProfiles: + properties: + authentication_multiple: + default: 0 + description: IKEv2 SA reauthentication interval equals authetication-multiple + * rekey-lifetime; 0 means reauthentication disabled + maximum: 50 + type: integer + dh_group: + items: + default: group2 + description: Phase-1 DH group + enum: + - group1 + - group2 + - group5 + - group14 + - group19 + - group20 + type: string + type: array + encryption: + description: Encryption algorithm + items: + default: aes-128-cbc + enum: + - des + - 3des + - aes-128-cbc + - aes-192-cbc + - aes-256-cbc + - aes-128-gcm + - aes-256-gcm + type: string + type: array + hash: + items: + default: sha1 + description: Hashing algorithm + enum: + - md5 + - sha1 + - sha256 + - sha384 + - sha512 + type: string + type: array + id: + description: uuid of the resource + example: abcd-1234 + readOnly: true + type: string + lifetime: + oneOf: + - properties: + seconds: + description: specify lifetime in seconds + maximum: 65535 + minimum: 180 + type: integer + title: seconds + type: object + - properties: + minutes: + description: specify lifetime in minutes + maximum: 65535 + minimum: 3 + type: integer + title: minutes + type: object + - properties: + hours: + description: specify lifetime in hours + maximum: 65535 + minimum: 1 + type: integer + title: hours + type: object + - properties: + days: + description: specify lifetime in days + maximum: 365 + minimum: 1 + type: integer + title: days + type: object + type: object + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 31 + type: string + required: + - name + - encryption + - hash + - dh_group + type: object + IkeCryptoProfilesNamesSet: + properties: + ike_crypto_profiles_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + IkeCryptoProfilesSet: + description: set of ike crypto profiles + properties: + IkeCryptoProfiles: + description: The ike crypto profile + items: + $ref: '#/components/schemas/IkeCryptoProfiles' + type: array + type: object + IpsecCrypto: + properties: + ipsec_crypto_profile: + example: + - ipsec_aruba + - ipsec_aryaka + - ipsec_citrix + - ipsec_riverbed + type: string + type: object + IpsecCryptoProfiles: + properties: + ah: + properties: + authentication: + items: + enum: + - md5 + - sha1 + - sha256 + - sha384 + - sha512 + type: string + type: array + required: + - authentication + type: object + dh_group: + default: group2 + description: phase-2 DH group (PFS DH group) + enum: + - no-pfs + - group1 + - group2 + - group5 + - group14 + - group19 + - group20 + type: string + esp: + properties: + authentication: + description: Authentication algorithm + items: + default: sha1 + type: string + type: array + encryption: + description: Encryption algorithm + items: + default: aes-128-cbc + enum: + - des + - 3des + - aes-128-cbc + - aes-192-cbc + - aes-256-cbc + - aes-128-gcm + - aes-256-gcm + - 'null' + type: string + type: array + required: + - encryption + - authentication + type: object + lifesize: + $ref: '#/components/schemas/Lifesize' + lifetime: + $ref: '#/components/schemas/Lifetime' + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 31 + type: string + required: + - name + - lifetime + type: object + IpsecCryptoProfilesNamesSet: + properties: + ipsec_crypto_profiles_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + IpsecCryptoProfilesSet: + description: set of ipsec crypto profiles + properties: + IkeCryptoProfiles: + description: The ipsec crypto profile + items: + $ref: '#/components/schemas/IpsecCryptoProfiles' + type: array + type: object + IpsecTunnel: + properties: + anti_replay: + description: Enable Anti-Replay check on this tunnel + type: boolean + copy_tos: + default: false + description: Copy IP TOS bits from inner packet to IPSec packet (not recommended) + type: boolean + crypto: + oneOf: + - $ref: '#/components/schemas/IpsecCryptoProfiles' + - $ref: '#/components/schemas/IpsecCrypto' + type: object + enable_gre_encapsulation: + default: false + description: allow GRE over IPSec + type: boolean + ike: + $ref: '#/components/schemas/Ike' + subnets: + items: + type: string + type: array + tunnel_monitor: + properties: + destination_ip: + description: Destination IP to send ICMP probe + type: string + enable: + default: true + description: Enable tunnel monitoring on this tunnel + type: boolean + proxy_id: + description: Which proxy-id (or proxy-id-v6) the monitoring traffic + will use + type: string + required: + - destination_ip + type: object + required: + - ike + type: object + Lifesize: + oneOf: + - properties: + kb: + description: specify lifesize in kilobytes(KB) + maximum: 65535 + minimum: 1 + type: integer + title: kb + type: object + - properties: + mb: + description: specify lifesize in megabytes(MB) + maximum: 65535 + minimum: 1 + type: integer + title: mb + type: object + - properties: + gb: + description: specify lifesize in gigabytes(GB) + maximum: 65535 + minimum: 1 + type: integer + title: gb + type: object + - properties: + tb: + description: specify lifesize in terabytes(TB) + maximum: 65535 + minimum: 1 + type: integer + title: tb + type: object + type: object + Lifetime: + oneOf: + - properties: + seconds: + description: specify lifetime in seconds + maximum: 65535 + minimum: 180 + type: integer + title: seconds + type: object + - properties: + minutes: + description: specify lifetime in minutes + maximum: 65535 + minimum: 3 + type: integer + title: minutes + type: object + - properties: + hours: + description: specify lifetime in hours + maximum: 65535 + minimum: 1 + type: integer + title: hours + type: object + - properties: + days: + description: specify lifetime in days + maximum: 365 + minimum: 1 + type: integer + title: days + type: object + type: object + Location: + description: Site Public IP or approximate gps coordinates + properties: + public-ip: + $ref: '#/components/schemas/PublicIp' + region-cordinates: + $ref: '#/components/schemas/RegionCordinates' + type: object + LocationInformationSet: + description: information for a set of locations + properties: + bandwidth_allocations: + $ref: '#/components/schemas/BandwidthAllocationSet' + info_type: + type: string + location_region_info: + $ref: '#/components/schemas/LocationRegionInfoSet' + type: object + LocationRegionInfo: + properties: + compute_location: + description: aggregate compute region + type: string + edge_location: + description: edge location for given lat/long/ip + type: string + location: + $ref: '#/components/schemas/Location' + required: + - location + - compute_location + - edge_location + type: object + LocationRegionInfoSet: + properties: + regions_info: + description: regions mapped info + items: + $ref: '#/components/schemas/LocationRegionInfo' + type: array + required: + - location + type: object + LocationSet: + description: set of locations + properties: + description: + description: optional user description + type: string + locations: + description: locations + items: + $ref: '#/components/schemas/Location' + type: array + type: object + NearestLocation: + properties: + country: + type: string + country_code: + type: string + display_name: + type: string + distance: + format: double + type: number + edge_location_name: + type: string + latitude: + type: string + longitude: + type: string + type: object + NearestLocationSet: + items: + $ref: '#/components/schemas/NearestLocation' + type: array + PublicIp: + description: Public IP to detect region + properties: + PublicIp: + description: Public IP to detect region + format: ipv4 + type: string + type: object + RegionCordinates: + description: approximate longitude latitude of the region + properties: + latitude: + description: Approximate Latitude for the site location + type: string + longitude: + description: Approximate Longitude for the site location + type: string + type: object + RemoteNetworkArchitecture: + properties: + capabilities: + properties: + compute_redundancy_support: + description: Indicates whether compute region redundancy is supported + type: boolean + site_level_cir_support: + description: Indicates whether Remote Network Sites with CIR (committed + information rate) configuration is supported + type: boolean + type: object + description: + description: A description of the architecture version + example: Remote Network Classic architecture + type: string + version: + description: Version string of the architecture + example: v1 + type: string + type: object + RemoteNetworkArchitectureDetails: + properties: + architecture_versions: + $ref: '#/components/schemas/RemoteNetworkArchitectures' + type: object + prisma_access_locations: + description: List of compute locations and their corresponding supported + architecture versions + items: + properties: + architecture_version: + description: Architecture version supported in this compute location. + This will be one of the keys in "architecture_versions" property's + key/value pairs + example: v1 + type: string + compute_location_config_name: + description: Aggregate compute location configuration name + example: us-southeast + type: string + compute_location_display_name: + description: Aggregate compute location display name + example: US Southeast + type: string + location_config_name: + description: Prisma Access Edge location configuration name + example: panama + type: string + location_display_name: + description: Prisma Access Edge location display name + example: Panama + type: string + type: object + type: array + type: object + RemoteNetworkArchitectures: + additionalProperties: + $ref: '#/components/schemas/RemoteNetworkArchitecture' + description: Key/Value pairs of architecture version key ("v1", "v2" etc) and + value of architecture details + example: + v1: + capabilities: + compute_redundancy_support: false + site_level_cir_support: false + description: Remote Network Classic architecture + version: v1 + v2: + capabilities: + compute_redundancy_support: true + site_level_cir_support: true + description: Remote Network High Performance (RN-HP) architecture + version: v2 + type: object + RemoteNetworksIpsecTunnel: + properties: + bgp: + properties: + bgp_peer: + properties: + local_ip_address: + type: string + peer_ip_address: + type: string + secret: + type: string + type: object + do_not_export_routes: + type: boolean + enable: + type: boolean + local_ip_address: + type: string + originate_default_route: + type: boolean + peer_as: + type: string + peer_ip_address: + type: string + peering_type: + description: 'Exchange Routes: exchange-v4-over-v4 stands for Exchange + IPv4 routes over IPv4 peering. exchange-v4-v6-over-v4 stands for Exchange + both IPv4 and IPv6 routes over IPv4 peering. exchange-v4-over-v4-v6-over-v6 + stands for Exchange IPv4 routes over IPv4 peer and IPv6 route over + IPv6 peer. exchange-v6-over-v6 stands for Exchange IPv6 routes over + IPv6 peering.' + enum: + - exchange-v4-over-v4 + - exchange-v4-v6-over-v4 + - exchange-v4-over-v4-v6-over-v6 + - exchange-v6-over-v6 + type: string + secret: + type: string + summarize_mobile_user_routes: + type: boolean + type: object + ecmp-load-balancing: + $ref: '#/components/schemas/EcmpLoadBalancing' + ipsec-termination-node: + description: ipsec termination node + type: string + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 63 + type: string + primary_tunnel: + $ref: '#/components/schemas/IpsecTunnel' + region: + minLength: 5 + type: string + secondary_tunnel: + $ref: '#/components/schemas/IpsecTunnel' + required: + - name + - region + type: object + RemoteNetworksIpsecTunnelResponse: + properties: + name: + description: rn name + type: string + pre_shared_key: + description: Pre Shared Key for the Ipsec Tunnel + type: string + service_ip: + description: Service Ip for the provisioned remote network tunnel + format: ipv4 + type: string + tunnel_id: + description: tunnel id + type: string + type: object + RemoteNetworksIpsecTunnelResponseSet: + properties: + remote_networks_ipsec_tunnel_response_set: + items: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelResponse' + type: array + type: object + RemoteNetworksIpsecTunnelSet: + properties: + name: + description: provide a name to use as a suffix for bulk operations + type: string + remote_networks_ipsec_tunnels: + items: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnel' + maxItems: 100 + minItems: 1 + type: array + uniqueItems: true + required: + - name + type: object + RemoteNetworksNamesSet: + properties: + remote_networks_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + RequestRecord: + properties: + JobId: + type: string + writeOnly: true + RequestId: + type: string + RequestOrder: + type: string + RequestPayload: + readOnly: true + type: string + RequestResult: + type: string + RequestResultHash: + type: string + RequestStatus: + type: string + RequestTimeStamp: + type: string + SubTenantName: + type: string + TenantId: + type: string + type: object + RequestRecordSet: + properties: + count: + description: total number of records in the set + type: string + request_record_set: + items: + $ref: '#/components/schemas/RequestRecord' + type: array + type: object + Site: + properties: + address_line_1: + description: Address that the site has been created in + type: string + address_line_2: + description: Address that the site has been created in + type: string + city: + description: City that the site has been created in + example: Bangalore + type: string + country: + description: Country that the site has been created in + example: India + type: string + id: + description: uuid of the site + example: abcd-1234 + readOnly: true + type: string + latitude: + description: Latitude that the site has been created in + example: '72.10928' + type: string + longitude: + description: Longitude that the site has been created in + example: '72.10928' + type: string + members: + items: + properties: + mode: + description: Mode that the RN has to be configured in for this site + enum: + - active + - backup + example: active + type: string + name: + type: string + remote_network: + description: Name of the configured remote network to be added as + part of the site + example: sdwan-site-member-1 + type: string + type: object + type: array + name: + description: Name of the site defined + example: sdwan-site-1 + type: string + qos: + properties: + backup_cir: + description: CIR in mbps for backup region distributed equally for all + tunnels in the site + example: '10' + type: number + cir: + description: CIR in mbps distributed equally for all tunnels in the + site + example: '10' + type: number + profile: + description: Name of the qos profile configured + type: string + type: object + sdwan_site_id: + description: uuid of the sdwan site + example: abcd-1234 + readOnly: true + type: string + state: + description: State that the site has been created in + example: Karnataka + type: string + type: + description: Type of the site + enum: + - prisma-sdwan + - third-party-branch + - third-party-discovered + example: prisma-sdwan + type: string + zip_code: + description: Zip code of the region that the site has been created in + example: '72.10928' + type: string + required: + - name + - members + type: object + SiteSet: + properties: + sites: + description: collection of sites + items: + $ref: '#/components/schemas/Site' + type: array + uuid: + $ref: '#/components/schemas/UuidResponse' + type: object + TenantInfo: + properties: + panorama_cloud_service_plugin_version: + description: PrismaAccessPanorama cloud service plugin version if type is + PrismaAccessPanorama + type: string + panorama_subtenant_info: + description: PrismaAccessPanorama subtenant information + items: + properties: + id: + type: string + name: + type: string + type: object + type: array + panorama_version: + description: PrismaAccessPanorama version if type is PrismaAccessPanorama + type: string + type: + description: PrismaAccess or PrismaAccessPanorama + enum: + - prisma_access + - prisma_access_panorama + type: string + type: object + UuidResponse: + properties: + uuid: + format: uuid + type: string + readOnly: true + type: object + error_detail_cause_info: + properties: + code: + type: string + details: + type: object + help: + type: string + message: + type: string + title: Cause Info + type: object + error_detail_cause_infos: + items: + $ref: '#/components/schemas/error_detail_cause_info' + type: array + generic_error: + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + type: object + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: support@paloaltonetworks.com + description: "This Open API spec file represents the APIs available for\n[Palo Alto\ + \ Networks Interconnect](https://docs.paloaltonetworks.com/NEED-URL) APIs. ???\ + \ Add RN decription here ?????\n\nThese APIs use the common SASE authentication\ + \ mechanism and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ + \ guide for more information.\n\nThis Open API spec file was created on July 20,\ + \ 2024. To check for a more recent version of this file, see\n[Interconnect APIs\ + \ on pan.dev](https://pan.dev/sase/api/mt-sp-interconnect/mt-interconnect-api.html).\ + \ ??? Replace the link with RN ????\n\n\xA9 2024 Palo Alto Networks, Inc. Palo\ + \ Alto Networks is a registered trademark of Palo\nAlto Networks. A list of our\ + \ trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \nAll other marks mentioned herein may be trademarks of their respective companies.\n" + title: Remote Networks API + version: '1.0' + x-api-id: todo12345 + x-audience: external-public +openapi: 3.0.2 +paths: + /v1/bandwidth-allocations: + delete: + description: 'Allows you to delete an aggregated bandwidth region. + + ' + operationId: delete-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + - $ref: '#/components/parameters/Region' + - $ref: '#/components/parameters/SpnName' + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete an aggregated bandwidth region + tags: + - bandwidth allocations + get: + description: 'Provides the status for the given ID. + + ' + operationId: get-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: status for the given id + security: + - Bearer: [] + summary: Lists the status for the given ID + tags: + - bandwidth allocations + post: + description: 'Create aggregated bandwidth regions based on location data. + + ' + operationId: post-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: The aggregated bandwidth region you want to create + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create aggregated bandwidth regions + tags: + - bandwidth allocations + put: + description: 'Modify an aggregated bandwidth regions. + + ' + operationId: put-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: The aggregated bandwidth region you want to create + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Edit aggregated bandwidth regions + tags: + - bandwidth allocations + /v1/bandwidth-allocations-read: + get: + description: 'Fetch the sire request if available. + + ' + operationId: get-v1-bandwidth-allocations-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: Get the bandwidth allocation status. + security: + - Bearer: [] + summary: 'Poll for new site requests + + ' + tags: + - bandwidth allocations + post: + description: 'Create bandwidth allocation read request. + + ' + operationId: post-v1-bandwidth-allocations-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationRegionNamesSet' + description: The bandwidth allocation that you want to read + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: 'Create bandwidth allocation read request + + ' + tags: + - bandwidth allocations + /v1/config-read: + get: + description: 'Create read request to enable APIs. + + ' + operationId: get-v1-config-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ConfigRead' + description: Get the enable read information. + security: + - Bearer: [] + summary: 'Details on read request to enable APIs + + ' + tags: + - Configuration Read + post: + description: 'Create read request to enable APIs. + + ' + operationId: post-v1-config-read + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ConfigResources' + description: The post read request for enabling apis. + responses: + '200': + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: 'Read request to enable APIs + + ' + tags: + - Configuration Read + put: + description: 'Update read request to enable APIs. + + ' + operationId: put-v1-config-read + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ConfigResources' + description: The post read request for enabling apis. + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: 'Update read request to enable APIs + + ' + tags: + - Configuration Read + /v1/ike-crypto-profiles: + delete: + description: 'Delete a ike crypto profile. + + ' + operationId: delete-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + - description: ike crypto profile name + in: query + name: name + required: true + schema: + type: string + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete a ike crypto profile. + tags: + - ike crypto profiles + get: + description: "Provides a list of Internet Key Exchange(IKE) Crypto Profiles.\ + \ \n" + operationId: get-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + properties: + data: + allOf: + - items: + $ref: '#/components/schemas/IkeCryptoProfiles' + type: array + limit: + default: 200 + type: number + offset: + default: 0 + type: number + total: + type: number + type: object + description: List of ike crypto profiles + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Get IKE crypto profile + tags: + - ike crypto profiles + post: + description: "Create an IKE Crypto Profiles. \n" + operationId: post-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IkeCryptoProfiles' + description: The ike crypto profile you want to create + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create IKE Crypto Profile + tags: + - ike crypto profiles + put: + description: 'Modify a ike crypto profile. + + ' + operationId: put-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IkeCryptoProfiles' + description: The ike crypto profile you want to edit + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Edit a ike crypto profile. + tags: + - ike crypto profiles + /v1/ike-crypto-profiles-read: + get: + description: 'Provides a list of IKE Crypto Profiles. + + ' + operationId: get-v1-ike-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + properties: + data: + $ref: '#/components/schemas/IkeCryptoProfilesSet' + limit: + default: 200 + type: number + offset: + default: 0 + type: number + total: + type: number + type: object + description: List of ike crypto profiles + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Get IKE Crypto Profiles + tags: + - ike crypto profiles + post: + description: 'Allows you to create IKE Crypto Profiles. + + ' + operationId: post-v1-ike-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IkeCryptoProfilesNamesSet' + description: The ike crypto profile you want to read + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create IKE Crypto Profiles + tags: + - ike crypto profiles + /v1/ipsec-crypto-profiles: + delete: + description: 'Allows you to delete an IPSEC Crypto Profile. + + ' + operationId: delete-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + - description: ipsec crypto profile name + in: query + name: name + required: true + schema: + type: string + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete an IPSEC Crypto Profile + tags: + - ipsec crypto profiles + get: + description: 'Provides you a list of IPSEC Crypto Profiles. + + ' + operationId: get-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + properties: + data: + allOf: + - items: + $ref: '#/components/schemas/IpsecCryptoProfiles' + type: array + limit: + default: 200 + type: number + offset: + default: 0 + type: number + total: + type: number + type: object + description: List of ipsec crypto profiles + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: List of the IPSEC Crypto Profiles + tags: + - ipsec crypto profiles + post: + description: 'Allows you to create a IPSEC Crypto Profile. + + ' + operationId: post-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IpsecCryptoProfiles' + description: The ipsec crypto profile you want to create + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create a IPSEC crypto profile. + tags: + - ipsec crypto profiles + put: + description: 'Allows you to edit an IPSEC Crypto Profile. + + ' + operationId: put-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IpsecCryptoProfiles' + description: The ipsec crypto profile you want to edit + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Modify an IPSEC Crypto Profile + tags: + - ipsec crypto profiles + /v1/ipsec-crypto-profiles-read: + get: + description: "Provides a list of Internet Protocol Security (IPSEC) crypto profiles\ + \ that are created. \n" + operationId: get-v1-ipsec-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + properties: + data: + $ref: '#/components/schemas/IpsecCryptoProfilesSet' + limit: + default: 200 + type: number + offset: + default: 0 + type: number + total: + type: number + type: object + description: List of ipsec crypto profiles + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Get IPSEC Crypto Profiles + tags: + - ipsec crypto profiles + post: + description: 'Create a IPSEC Crypto Profile. + + ' + operationId: post-v1-ipsec-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IpsecCryptoProfilesNamesSet' + description: The ipsec crypto profiles you want to read + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create IPSEC Crypto Profile + tags: + - ipsec crypto profiles + /v1/location-informations: + get: + description: 'Get the location information status of the given ID. + + ' + operationId: get-v1-location-informations + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LocationInformationSet' + description: status for the given id + security: + - Bearer: [] + summary: Get status for the ID + tags: + - location informations + post: + description: 'Add a query based on location information. + + ' + operationId: post-v1-location-informations + parameters: + - $ref: '#/components/parameters/SubTenantName' + - $ref: '#/components/parameters/LocationInfoType' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LocationSet' + description: The location info you want to query for + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Retrieve location-mapped information or configuration based on a query + tags: + - location informations + /v1/locations: + get: + description: "Provides details on all locations. \n" + operationId: get-v1-locations + responses: + '200': + content: + application/json: + schema: + items: + properties: + aggregate_region: + type: string + cloud_provider: + type: string + compute_region: + type: string + continent: + type: string + display: + type: string + value: + type: string + type: object + type: array + description: get all locations + security: + - Bearer: [] + summary: 'Location details + + ' + tags: + - Location + /v1/nearest-location: + get: + operationId: get-v1-nearest-location + parameters: + - $ref: '#/components/parameters/Lattitude' + - $ref: '#/components/parameters/Longitude' + - $ref: '#/components/parameters/Limit' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/NearestLocationSet' + description: nearest locations for the given latitude and longitude + security: + - Bearer: [] + summary: Autogenerated summary + tags: + - Nearest Location + /v1/remote-networks: + delete: + description: 'Allows you to delete the set of IPSEC tunnels. + + ' + operationId: delete-v1-remote-networks + parameters: + - $ref: '#/components/parameters/SubTenantName' + - description: remote networks prefix for bulk deletion + in: query + name: remote_networks_prefix + required: true + schema: + type: string + - $ref: '#/components/parameters/RemoteNetworksNames' + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete remote network IPSEC tunnels at bulk + tags: + - RemoteNetworks + get: + description: 'Get Remote Networks IPSEC tunnel details by ID. + + ' + operationId: get-v1-remote-networks + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelResponseSet' + description: Get the remote networks ipsec tunnel status by uuid. + security: + - Bearer: [] + summary: Remote Networks IPSEC tunnel details by ID + tags: + - RemoteNetworks + post: + description: 'Create a Remote Network IPSEC tunnel. + + ' + operationId: post-v1-remote-networks + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelSet' + description: The remote networks you want to create + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create remote network IPSEC tunnel + tags: + - RemoteNetworks + put: + description: 'Allows you to edit a remote network IPSEC tunnel. + + ' + operationId: put-v1-remote-networks + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelSet' + description: The remote networks you want to create + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Modify remote network IPSEC tunnel + tags: + - RemoteNetworks + /v1/remote-networks-architecture: + get: + description: 'Provides information about the remote network architectures supported + for the tenant. + + ' + operationId: get-v1-remote-networks-architecture + parameters: + - $ref: '#/components/parameters/SubTenantName' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworkArchitectureDetails' + description: request records for the given tenant + security: + - Bearer: [] + summary: 'Details on the Remote Network Architecture + + ' + tags: + - Remote Architecture + /v1/remote-networks-read: + get: + description: 'Get the remote networks IPSEC tunnel status by UUID. + + ' + operationId: get-v1-remote-networks-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelSet' + description: Get the remote networks ipsec tunnel status by uuid. + security: + - Bearer: [] + summary: Get the remote networks IPSEC tunnel details by UUID. + tags: + - RemoteNetworks + post: + description: 'Create remote network IPSEC tunnel/s. + + ' + operationId: post-v1-remote-networks-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksNamesSet' + description: The remote networks you want to create + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create remote network IPSEC tunnel/s. + tags: + - RemoteNetworks + /v1/siteConfigRequests: + get: + description: 'Allows you to get the details regarding the site (if available). + + ' + operationId: get-v1-siteconfigrequests + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RequestRecordSet' + description: request records for the given tenant + security: + - Bearer: [] + summary: 'Poll for new site requests + + ' + tags: + - Site Configuration Requests + post: + description: 'Allows you to update the site requests. + + ' + operationId: post-v1-siteconfigrequests + parameters: + - $ref: '#/components/parameters/uuid' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RequestRecordSet' + responses: + '202': + content: + application/json: + schema: + type: string + description: successful operation + security: + - Bearer: [] + summary: 'Update site requests + + ' + tags: + - Site Configuration Requests + /v1/sites: + delete: + description: 'Helps you delete a set of sites. + + ' + operationId: delete-v1-sites + parameters: + - $ref: '#/components/parameters/SubTenantName' + - description: sites prefix for bulk deletion + in: query + name: sites_prefix + required: true + schema: + type: string + - $ref: '#/components/parameters/SiteNames' + - $ref: '#/components/parameters/folder-optional' + - $ref: '#/components/parameters/uuid' + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: "Bulk delete \n" + tags: + - Sites + get: + description: 'Provides details on all the created sites. + + ' + operationId: get-v1-sites + parameters: + - $ref: '#/components/parameters/uuid' + - $ref: '#/components/parameters/folder-optional' + - $ref: '#/components/parameters/name-optional' + - $ref: '#/components/parameters/limit-optional' + - $ref: '#/components/parameters/offset-optional' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SiteSet' + description: Get all the site details. + security: + - Bearer: [] + summary: 'Sites details + + ' + tags: + - Sites + post: + description: 'You can create sites at bulk + + ' + operationId: post-v1-sites + parameters: + - $ref: '#/components/parameters/SubTenantName' + - $ref: '#/components/parameters/folder-optional' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SiteSet' + description: The sites you want to create + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: 'Create sites + + ' + tags: + - Sites + put: + description: 'Helps you modify a site. + + ' + operationId: put-v1-sites + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SiteSet' + description: The sites you want to modify + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: 'Modify Sites + + ' + tags: + - Sites + /v1/tenantInfo: + get: + description: "Provides details on the tenant. \n" + operationId: get-v1-tenantinfo + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TenantInfo' + description: metadata for the given tenant + security: + - Bearer: [] + summary: 'Tenant Information + + ' + tags: + - Tenant Information + /v2/bandwidth-allocations: + delete: + description: 'Delete an aggregated bandwidth region. + + ' + operationId: delete-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + - $ref: '#/components/parameters/Region' + - $ref: '#/components/parameters/SpnName' + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete an aggregated bandwidth region + tags: + - bandwidth allocations + get: + description: 'status for the given id + + ' + operationId: get-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSetV2' + description: status for the given id + security: + - Bearer: [] + summary: status for the given id + tags: + - bandwidth allocations + post: + description: 'Allows you to create an aggregated bandwidth regions based on + the location data. + + ' + operationId: post-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSetV2' + description: The aggregated bandwidth region you want to create + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create an aggregated bandwidth regions + tags: + - bandwidth allocations + put: + description: 'Modify aggregated bandwidth regions. + + ' + operationId: put-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSetV2' + description: The aggregated bandwidth region you want to create + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Edit aggregated bandwidth regions + tags: + - bandwidth allocations +servers: +- url: https://api.sase.paloaltonetworks.com +tags: +- description: 'IPSEC Crypto Profiles. + + ' + name: Internet Protocol Security Crypto Profiles +- description: 'IKE Crypto Profiles. + + ' + name: Internet Key Exchange Crypto Profiles +- description: 'Allocation of the bandwidth. + + ' + name: Bandwidth allocations +- description: "Information on the location. \n" + name: Location Information +- description: 'Status of the Remote Networks. + + ' + name: Remote Network Status +- description: "Request for the site configuration. \n" + name: Site Configuration Requests +- description: 'Read configuration details. + + ' + name: Configuration Read +- description: 'Sites + + ' + name: Sites +- description: "Nearest location. \n" + name: Nearest Location +- description: 'Location + + ' + name: Location +- description: 'Information about the Tenant. + + ' + name: Tenant Information +- description: "Remote Architechture \n" + name: Remote Architechture diff --git a/package.json b/package.json index 4cbc3bb24..48ba34385 100644 --- a/package.json +++ b/package.json @@ -21,8 +21,8 @@ "gen-all": "docusaurus gen-api-docs all && docusaurus gen-api-docs:version sdwan:all && docusaurus gen-api-docs:version insights:all && docusaurus gen-api-docs:version compute:all", "clean-all": "docusaurus clean-api-docs all && docusaurus clean-api-docs:version sdwan:all && docusaurus clean-api-docs:version insights:all && docusaurus clean-api-docs:version compute:all", "re-gen": "yarn clean-all && yarn gen-all", - "getBlogs": "curl -H \"Accept: application/json\" \"https://api.rss2json.com/v1/api.json?rss_url=https%3A%2F%2Fmedium.com%2Ffeed%2Fpalo-alto-networks-developer-blog\" -o src/components/Medium/blogs.json", - "getHashicorpBlogs": "curl -H \"Accept: application/json\" \"https://api.rss2json.com/v1/api.json?rss_url=https%3A%2F%2Fwww.hashicorp.com%2Fblog%2Fproducts%2Fterraform%2Ffeed.xml\" -o src/components/ProductLandingPage/Feeds/feeds.json", + "getBlogs": "curl -H \"Accept: application/json\" \"https://www.toptal.com/developers/feed2json/convert?url=https%3A%2F%2Fmedium.com%2Ffeed%2Fpalo-alto-networks-developer-blog\" -o src/components/Medium/blogs.json", + "getHashicorpBlogs": "curl -H \"Accept: application/json\" \"https://www.toptal.com/developers/feed2json/convert?url=https%3A%2F%2Fwww.hashicorp.com%2Fblog%2Fproducts%2Fterraform%2Ffeed.xml\" -o src/components/ProductLandingPage/Feeds/feeds.json", "start:netsec": "cross-env PRODUCTS_INCLUDE=cdss,threat-vault,dns-security,iot,expedition,cloudngfw,cdl,panos,terraform,ansible,splunk,aiops-ngfw-bpa,email-dlp,dlp yarn start", "start:splunk": "cross-env PRODUCTS_INCLUDE=panos,terraform,ansible,splunk yarn start", "start:sase": "cross-env PRODUCTS_INCLUDE=sase,access,sdwan yarn start", diff --git a/products/access/api/insights/insights-api.md b/products/access/api/insights/2.0/insights-api.md similarity index 84% rename from products/access/api/insights/insights-api.md rename to products/access/api/insights/2.0/insights-api.md index a0f90cbde..ee5efb926 100644 --- a/products/access/api/insights/insights-api.md +++ b/products/access/api/insights/2.0/insights-api.md @@ -2,13 +2,15 @@ id: insights-api title: Prisma Access Insights 2.0 APIs sidebar_label: Prisma Access Insights APIs -slug: /access/api/insights +slug: /access/api/insights/2.0 keywords: - SASE - Reference - API --- +**NOTE:** The Prisma Access Insights 2.0 APIs are deprecated. Please use the [3.0 APIs](/access/api/insights) instead. + The Prisma Access Insights 2.0 APIs allow you to query your Prisma Access tenant for the health of your Prisma Access network deployment. The 2.0 APIs are are intended for cloud-managed Prisma Access customers, where the tenants have been onboarded by Palo Alto Networks using a Tenant Service Group diff --git a/products/access/api/insights/insights30-api.md b/products/access/api/insights/insights30-api.md new file mode 100644 index 000000000..88601dd18 --- /dev/null +++ b/products/access/api/insights/insights30-api.md @@ -0,0 +1,23 @@ +--- +id: insights-api +title: Prisma Access Insights 3.0 APIs +sidebar_label: Prisma Access Insights APIs +slug: /access/api/insights +keywords: + - SASE + - Reference + - API +--- + +The Prisma Access Insights 3.0 APIs allow you to query your Prisma Access tenant for the health of +your Prisma Access network deployment. The 3.0 APIs are are intended for cloud-managed Prisma Access +customers, where the tenants have been onboarded by Palo Alto Networks using a Tenant Service Group +(TSG) identifier. + +To validate your tenant ID go to the Prisma Access Hub, click on the Prisma Access Insights +application name, and look in the **Manage Apps** section. + +To use 1.0 APIs, see [1.0 APIs](/access/api/insights/1.0). + +For information about access tokens and base URLs, please see +[Get Started with Prisma Access 3.0 APIs](/access/docs/insights/getting_started-30). diff --git a/products/access/docs/insights/api-query.md b/products/access/docs/insights/api-query.md index 3225bf2af..b4c587cf3 100644 --- a/products/access/docs/insights/api-query.md +++ b/products/access/docs/insights/api-query.md @@ -16,6 +16,7 @@ and retrieve query results using the following Prisma Access Insights APIs. | Customer | API Version | API | | ------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| MSSP | 3.0 | [Resource Query](/access/api/insights/post-insights-v-3-0-resource-query-mobileusers-90-days-user-list/) | | MSSP | 2.0 | [Resource Query](/access/api/insights/get-api-sase-v-2-0-resource-resource-name)
[Resource Custom Query](/access/api/insights/get-api-sase-v-2-0-resource-custom-feature-name-request-name) | | Single Tenant | 1.0 | [Resource Query](/access/api/insights/1.0/get-api-sase-v-1-0-resource-tenant-tenant-id-resource-name)
[Resource Custom Query](/access/api/insights/1.0/get-api-sase-v-1-0-resource-tenant-tenant-id-custom-feature-name-request-name) | @@ -24,6 +25,7 @@ that you're using, see Getting Started: | Customer | API Version | API | | ------------- | ----------- | -------------------------------------------------------------------------------------------- | +| MSSP | 3.0 | [Get Started with Prisma Access Insights 3.0 API](/access/docs/insights/getting_started-30/) | | MSSP | 2.0 | [Get Started with Prisma Access Insights 2.0 API](/access/docs/insights/getting_started-20/) | | Single Tenant | 1.0 | [Get Started with Prisma Access Insights 1.0 API](/access/docs/insights/getting_started-10/) | diff --git a/products/access/docs/insights/getting_started-10.md b/products/access/docs/insights/getting_started-10.md index 43c32bbcd..660b738a1 100644 --- a/products/access/docs/insights/getting_started-10.md +++ b/products/access/docs/insights/getting_started-10.md @@ -8,8 +8,9 @@ sidebar_label: Get Started 1.0 Palo Alto Networks® Prisma Access Insights APIs allows you to continuously monitor the health and performance of your Prisma Access environment using Insights in the Prisma Access app. -This document provides information about getting started with Prisma Access -Insights 1.0 APIs. The 1.0 APIs are meant for all cloud-managed single-tenant customers, as well as Panorama-managed single-tenant and multi-tenant customers. +This document provides information about getting started with [Prisma Access Insights 1.0 APIs](/access/api/insights/1.0). +The 1.0 APIs are meant for all cloud-managed single-tenant customers, as well as Panorama-managed +single-tenant and multi-tenant customers. ## API Request Overview diff --git a/products/access/docs/insights/getting_started-20.md b/products/access/docs/insights/getting_started-20.md index 982c626f8..14eb32d1f 100644 --- a/products/access/docs/insights/getting_started-20.md +++ b/products/access/docs/insights/getting_started-20.md @@ -5,10 +5,13 @@ description: Prisma Access Insights 2.0 API quick start sidebar_label: Get Started 2.0 --- +**Note:** The Prisma Access Insights 2.0 APIs are deprecated. Please use the [3.0 APIs](/access/api/insights/) instead. + Palo Alto Networks® Prisma Access Insights APIs allows you to continuously monitor the health and performance of your Prisma Access environment using Insights in the Prisma Access app. -This document provides information about getting started with Prisma Access Insights 2.0 APIs. The +This document provides information about getting started with [Prisma Access Insights 2.0 +APIs](/access/api/insights/2.0). The 2.0 APIs are intended for cloud-managed Prisma Access customers, where the tenants have been onboarded by Palo Alto Networks using a Tenant Service Group (TSG) identifier. To see whether your tenant uses TSG IDs, go to the Prisma Access Hub, click on the Prisma Access Insights application @@ -18,9 +21,9 @@ name, and look in the **Manage Apps** section. The Prisma Access Insights APIs allow you to retrieve selected information from the Prisma Access Insights platform. All Prisma Access 2.0 API requests must use HTTPS, and they must use HTTP/1.1. -They also must use an access token. To obtain an access token, you use the same process as the -other SASE APIs. That is, you must have a TSG and a service account that has role access to your -Prisma Access Insights instance. To understand this process, see +They also must use an access token. To obtain an access token, you use the same process as the other +SASE APIs. That is, you must have a TSG and a service account that has role access to your Prisma +Access Insights instance. To understand this process, see [Prisma SASE API Get Started](/sase/docs/getstarted). ## Base URLs diff --git a/products/access/docs/insights/getting_started-30.md b/products/access/docs/insights/getting_started-30.md new file mode 100644 index 000000000..1c4c60c26 --- /dev/null +++ b/products/access/docs/insights/getting_started-30.md @@ -0,0 +1,64 @@ +--- +id: getting_started-30 +title: Get Started with Prisma Access Insights 3.0 API +description: Prisma Access Insights 3.0 API quick start +sidebar_label: Get Started 3.0 +--- + +Palo Alto Networks® Prisma Access Insights APIs allows you to continuously monitor the health and +performance of your Prisma Access environment using Insights in the Prisma Access app. + +This document provides information about getting started with [Prisma Access Insights 3.0 APIs](/access/api/insights/). The 3.0 APIs are intended for cloud-managed Prisma Access customers, where the tenants have been +onboarded by Palo Alto Networks using a Tenant Service Group (TSG) identifier. To see whether your +tenant uses TSG IDs, go to the Prisma Access Hub, click on the Prisma Access Insights application +name, and look in the **Manage Apps** section. + +## API Request Overview + +The Prisma Access Insights APIs allow you to retrieve selected information from the Prisma Access +Insights platform. All Prisma Access 3.0 API requests must use HTTPS, and they must use HTTP/1.1. +They also must use an access token. To obtain an access token, you use the same process as the +other SASE APIs. That is, you must have a TSG and a service account that has role access to your +Prisma Access Insights instance. To understand this process, see +[Prisma SASE API Get Started](/sase/docs/getstarted). + +## Base URLs + +While you use Prisma SASE to obtain an access token for use with your Prisma Access 3.0 +APIs, you do not use the same FQDN as do the other Prisma SASE APIs. Also, this API requires the x-panw-region header. See About [x-panw-region](/sase/docs/api-call/#about-x-panw-region) for usage information. + +All requests go to the same base URL: + +`https://api.sase.paloaltonetworks.com` + +## Full API URL + +The full URL for an API request includes the base URL, plus the API URI described in the API reference documentation. For example, a customer can query for application list using: + +`https://api.sase.paloaltonetworks.com/insights/v3.0/resource/query/applications/application_list` + +## Sample: API Request + +**Note** The `Bearer` keyword must be present before the auth token itself. + +**Note** To get data on a sub-tenant level, add a Prisma-Tenant header. + + #!/bin/bash + echo " " + + # Replace + # - JWT Token from the previous script + # + curl -L -X POST 'https://api.sase.paloaltonetworks.com/insights/v3.0/resource/query/applications/application_list' \ + -H 'Content-Type: application/json' \ + -H 'X-PANW-Region: de' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' \ + --data-raw '{ + "filter": { + "rules": [ { + "property": "event_time", + "operator": "last_n_hours", + "values": [ + 3 + ] } ] } }' diff --git a/products/access/docs/insights/insights.md b/products/access/docs/insights/insights.md index 75cf6d32b..d8f12f5d2 100644 --- a/products/access/docs/insights/insights.md +++ b/products/access/docs/insights/insights.md @@ -20,24 +20,23 @@ Which API you should use is determined by whether your tenant has been migrated To see whether your tenant uses TSG IDs, go to the Prisma Access Hub, click on the Prisma Access Insights application name, and look in the **Manage Apps** section. -## 1.0 APIs +## 3.0 APIs -The 1.0 APIs are intended for all cloud-managed single tenant customers, as well as Panorama-managed -single-tenant and multitenant customers. - -If you want to query for a subtenant information using the 1.0 APIs, include the super tenant ID on -the endpoint: - - /api/sase/v1.0/resource/tenant/{super_tenant_id}/ +The 3.0 APIs are intended for cloud-managed Prisma Access customers, where the tenants have been +onboarded by Palo Alto Networks using a Tenant Service Group (TSG) identifier. -And also include the following header on the call: +For Panorama managed, the 3.0 APIs can be used to query only the super tenant because subtenants +have not migrated to v3.0. However, you can still query subtenant information by placing the +following header on your call: - Prisma-Tenant:{tenant_id}:{sub_tenant_id} + Prisma-Tenant:{tsg_id}:{sub_tenant_id} -For more information regarding the 1.0 APIs, see [Getting Started with the 1.0 APIs](/access/docs/insights/getting_started-10). +For more information regarding the 3.0 APIs, see [Getting Started with the 3.0 APIs](/access/docs/insights/getting_started-30). ## 2.0 APIs +**Note:** The Prisma Access Insights 2.0 APIs are deprecated. Please use the [3.0 APIs](/access/api/insights/3.0) instead. + The 2.0 APIs are intended for cloud-managed Prisma Access customers, where the tenants have been onboarded by Palo Alto Networks using a Tenant Service Group (TSG) identifier. @@ -48,3 +47,21 @@ following header on your call: Prisma-Tenant:{tsg_id}:{sub_tenant_id} For more information regarding the 2.0 APIs, see [Getting Started with the 2.0 APIs](/access/docs/insights/getting_started-20). + +## 1.0 APIs + +The 1.0 APIs are intended for all cloud-managed single tenant customers, as well as Panorama-managed +single-tenant and multitenant customers. + +If you want to query for a subtenant information using the 1.0 APIs, include the super tenant ID on +the endpoint: + + /api/sase/v1.0/resource/tenant/{super_tenant_id}/ + +And also include the following header on the call: + + Prisma-Tenant:{tenant_id}:{sub_tenant_id} + +For more information regarding the 1.0 APIs, see [Getting Started with the 1.0 APIs](/access/docs/insights/getting_started-10). + + diff --git a/products/access/docs/insights/pai-faqs.md b/products/access/docs/insights/pai-faqs.md index 5ee9b305b..511db0f92 100644 --- a/products/access/docs/insights/pai-faqs.md +++ b/products/access/docs/insights/pai-faqs.md @@ -16,12 +16,19 @@ query your Prisma Access tenant for the health of your Prisma Access network dep However, these API versions use different access tokens, and the mechanism by which you obtain an access token is different for each version. +The 3.0 APIs are for customers who use TSG IDs. This includes all customers using the Prisma SASE Multitenant Support. +For more information, see [Get Started with Prisma Access Insights 3.0 API](/access/docs/insights/getting_started-30/). + The 2.0 APIs are for customers who use TSG IDs. This includes all customers using the Prisma SASE Multitenant Support. For more information, see [Get Started with Prisma Access Insights 2.0 API](/access/docs/insights/getting_started-20/). The 1.0 APIs support legacy single tenant customers. For more information, see [Get Started with Prisma Access Insights 1.0 API](/access/docs/insights/getting_started-10/). +## Why version 2.0 APIs are deprecated? +Prisma Acess Insights 3.0 is now more fully integrated with SASE common authentication and Base URL. +Hence, users are requested to use Prisma Access Insights 3.0. + ## How do I identify whether my tenant has been migrated to TSG ID? To see whether your tenant uses tenant service group (TSG) IDs: @@ -53,7 +60,7 @@ In version 1.0, the tenant ID that is present in the header always refers to the ## How do I get the base URL for fetching data using Prisma Access Insights APIs? -See **Base URLs** in [Get Started with Prisma Access Insights 2.0 API](/access/docs/insights/getting_started-20/). +See **Base URLs** in [Get Started with Prisma Access Insights 3.0 API](/access/docs/insights/getting_started-30/). ## How do I generate an API key for version 1.0 APIs? @@ -65,7 +72,11 @@ See **Generate an API Key** in [Get Started with Prisma Access Insights 1.0 API] To generate an access token for version 2.0 APIs, see [Access Tokens](/sase/docs/access-tokens/). -## What are the API URLs for API version 1.0 and version 2.0? +## How do I generate an access token for version 3.0 APIs? + +To generate an access token for version 3.0 APIs, see [Access Tokens](/sase/docs/access-tokens/). + +## What are the API URLs for API version 1.0, version 2.0, and version 3.0? The full URL for an API request includes the base URL, plus the API URI described in the API reference documentation. For example, a customer using the US region can query for external alerts @@ -79,11 +90,23 @@ For version 2.0: https://pa-us01.api.prismaaccess.com/api/sase/v2.0/resource/query/prisma_sase_external_alerts_current +For version 3.0: + + https://api.sase.paloaltonetworks.com/insights/v3.0/resource/query/locations/location_gp_mobile_users_logins + +For more complete information about forming Prisma Access queries, see +[Get Started with Prisma Access Insights 3.0 API](/access/docs/insights/getting_started-30/) +or + For more complete information about forming Prisma Access queries, see [Get Started with Prisma Access Insights 2.0 API](/access/docs/insights/getting_started-20/) or [Get Started with Prisma Access Insights 1.0 API](/access/docs/insights/getting_started-20/). +## How are version 3.0 API headers populated? + +See [Get Started with Prisma Access Insights 3.0 API](/access/docs/insights/getting_started-30/). + ## How are version 2.0 API headers populated? See [Get Started with Prisma Access Insights 2.0 API](/access/docs/insights/getting_started-20/). diff --git a/products/access/docs/insights/query_language_resources.md b/products/access/docs/insights/query_language_resources.md index 715245e5f..37efea8a1 100644 --- a/products/access/docs/insights/query_language_resources.md +++ b/products/access/docs/insights/query_language_resources.md @@ -14,6 +14,7 @@ general or custom resources: | Customer | API Version | API | | ------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Single Tenant | 3.0 | [Resource Query](/access/api/insights/post-insights-v-3-0-resource-query-mobileusers-90-days-user-list/) | | MSSP | 2.0 | [Resource Query](/access/api/insights/get-api-sase-v-2-0-resource-resource-name)
[Resource Custom Query](/access/api/insights/get-api-sase-v-2-0-resource-custom-feature-name-request-name) | | Single Tenant | 1.0 | [Resource Query](/access/api/insights/1.0/get-api-sase-v-1-0-resource-tenant-tenant-id-resource-name)
[Resource Custom Query](/access/api/insights/1.0/get-api-sase-v-1-0-resource-tenant-tenant-id-custom-feature-name-request-name) | diff --git a/products/access/sidebars.js b/products/access/sidebars.js index aec4b85f0..ec99baf20 100644 --- a/products/access/sidebars.js +++ b/products/access/sidebars.js @@ -32,6 +32,21 @@ module.exports = { defaultStyle: true, value: versionCrumb(`v2.0`), }, + "access/api/insights/2.0/insights-api", + require("./api/insights/2.0/sidebar"), + ], + saseinsightsv3: [ + { + type: "html", + defaultStyle: true, + value: versionSelector(insightsVersions), + className: "version-button", + }, + { + type: "html", + defaultStyle: true, + value: versionCrumb(`v3.0`), + }, "access/api/insights/insights-api", require("./api/insights/sidebar"), ], diff --git a/products/compute/api/32-04/stable-endpoints.md b/products/compute/api/32-04/stable-endpoints.md index c4de7feab..0f1092214 100644 --- a/products/compute/api/32-04/stable-endpoints.md +++ b/products/compute/api/32-04/stable-endpoints.md @@ -14,10 +14,8 @@ The deployment scripts and Twistcli that you download from Console, uses the API All minor or maintenance versions (xx) of 32.xx release have n-2 support for backward compatibility. The documentation for all the supported releases is available at: -* [Prisma Cloud Compute Edition - 32.04](/compute/api/) -* [Prisma Cloud Compute Edition - 31.02](/compute/api/31-02/) -* [Prisma Cloud Compute Edition - 30.03](/compute/api/30-03/) - +* [Prisma Cloud Compute Edition - Latest](/compute/api/) + ## Versioning The Compute API is versioned as follows: diff --git a/products/compute/api/32-05/access-api-self-hosted.md b/products/compute/api/32-05/access-api-self-hosted.md new file mode 100644 index 000000000..40445b655 --- /dev/null +++ b/products/compute/api/32-05/access-api-self-hosted.md @@ -0,0 +1,150 @@ +--- +id: access-api-self-hosted +title: Access the Prisma Cloud Compute Edition (PCCE) APIs +--- + +The Prisma Cloud Compute API is exposed on the host that runs Console on port 8083 (HTTPS). +The port is specified at install time in _twistlock.cfg_. + +All example commands specify a variable called `CONSOLE`, which represents the address for your Console. +The address for your Console depends on how you installed it. + +For Onebox installs, where you install Console on a stand-alone host, the value for `CONSOLE` is the IP address or DNS name of the host. +HTTPS access to Console is servered on port 8083, so the full address would be: + +```bash +CONSOLE = https://:8083 +``` + +For the default Kubernetes installation procedure, the Console service is exposed by a LoadBalancer, and so the address for `CONSOLE` is + +```bash +CONSLE = https://:8083 +``` + +Access to the API requires authentication. +You can either: + +- Retrieve a token, then pass the token in the Authorization field of all subsequent requests. +- Use Basic HTTP authentication for each request. + +:::note +The default install of Prisma Cloud Compute Edition uses self-signed certificates. +By default, curl validates the server's certificate. +Because the certificate for the CA that signed the server's cert isn't in your CA store, curl can't validate the server's cert. + +You've got two options: + +- Pass the --insecure flag to curl. + With this flag, validation that the server is who it claims to be is bypassed. + The connection is still encrypted. + +- Configure Prisma Cloud Compute to use your own custom certs. + ::: + +## Accessing the API using Basic authentication + +The basic token is a Base64 encoded string of type username:password. + +1. Generate the Base64 encoding of your username and password. + Assume your username is api, and your password is api. + +```bash +$ echo -n "api:api" | openssl base64 +YXBpOmFwaQ== +``` + +2. To access any other endpoint, set the Authorization field of your HTTP header to Basic and add the encoded string. + For example, to get all your runtime container policies: + +```bash +$ curl --insecure \ + -H 'Authorization: Basic YWRtaW46YWRtaW4=' \ + "https:///api/v/policies/runtime/container +``` + +:::note +The curl command can handle basic auth for you with the `--user` option. +::: + +## Accessing the API using token authentication + +To access the API using a token: + +1. Retrieve a token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint with your user credentials. + +By default, access tokens are valid for 30 minutes. You can set the validity period in Console under **Manage** > **Authentication** > **Logon**. + +You can also retrieve tokens using client certificates. + +```bash +$ curl \ + -H "Content-Type: application/json" \ + -d '{"username":"admin", "password":"admin"}' \ + "https:///api/v/authenticate" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +If you integrated Prisma Cloud Compute Console with Active Directory, and you're using the sAMAccountName _user identifier_, escape the backslash in the `DOMAIN\sAMAccountName` username value. +For example: + +```bash +$ curl \ + -H "Content-Type: application/json" \ + -d '{"username":"DOMAIN\\admin", "password":"admin"}' \ + "https:///api/v/authenticate" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +2. Call the Prisma Cloud Compute API, submitting the token in the Authorization field in the HTTP header of your request. + For example, test connection to the API using the [Get Runtime Container Policies](/compute/api/get-policies-runtime-container/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint: + +```bash +$ curl --insecure \ + -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \ + "https:///api/v/policies/runtime/container" +``` + +## Accessing the API using a client certificate + +You can retrieve a token using client certificates issued by your public key infrastructure. + +**Prerequisites:** + +- You have configured Prisma Cloud Compute Console with your server certificate. + Go to **Manage > Authentication > Certificates > TLS certificate for Console**, and upload your certificate (cat the cert and private key into a single file). + +1. Install your client certificate on your local machine. + +2. Request a token using your client certificate. + +```bash +$ curl --insecure \ + -X POST \ + --cert cert.pem \ + "https:///api/v/authenticate-client" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +3. Call the Prisma Cloud Compute API, submitting the token in the Authorization field in the HTTP header of your request. + For example, to get all policies: + +```bash +$ curl --insecure \ + -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \ + "https:///api/v/policies/runtime/container" +``` + +## Accessing the API in a Multi-Tenant Environment + +Requests to the Prisma Cloud Compute API with Projects enabled will be made against all available tenants. To query for a specific tenant, include the `project=name` query parameter to restrict requests to the given tenant. (This does not apply to authentication endpoints.) + +:::note +This parameter is required if the authenticated user does not have access to all tenants. +::: diff --git a/products/compute/api/32-05/set-up-console.md b/products/compute/api/32-05/set-up-console.md new file mode 100644 index 000000000..f84b07761 --- /dev/null +++ b/products/compute/api/32-05/set-up-console.md @@ -0,0 +1,77 @@ +--- +id: set-up-console +title: Set Up Console +--- + +After first installing Prisma Cloud Compute console, you must create an initial admin user and set up your license. +The Prisma Cloud API provides endpoints to complete the set up of a freshly installed Console. + +:::note +This section pertains to the Prisma Cloud Compute Edition consoles only. +::: + +## Create your first admin user + +After Console is first installed, you must create the first admin user. +To do this, use the [Signup](/compute/api/post-signup/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +The following example curl command creates the initial admin user named butterbean. + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"username": "butterbean", "password": ""}' \ + https://:8083/api/v1/signup +``` + +The signup process can only be executed once, whether from the Console UI or the API. +Calling this endpoint after the initial sign up has been completed results in a 400 error response. + +## Set up your license + +Console isn't functional until you provide your license key. +The Prisma Cloud API provides an endpoint for setting up your license. + +In this procedure, you access the Prisma Cloud API using an auth token. + +:::note +Prisma Cloud provides a single license that protects a specific number of nodes. +The number of nodes covered depends on your subscription. +You can use the same license to install multiple instances of Console. +There is need to get a new license when building out new environments with Prisma Cloud. + +For example, if you have licensed 100 nodes and you have deployed to 10 separate tenants, each with its own Console, use the same license key for each instance of Console. +::: + +1. Get an auth token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -H "Content-Type: application/json" \ + -d '{"username":"admin", "password":"admin"}' \ + https://localhost:8083/api/vVERSION/authenticate +{ "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." } +``` + +2. Set environment variables for your auth token and license key. + +```bash +$ echo $LICENSE_KEY +{"key":"your license key here"} +``` + +```bash +$ echo $TOKEN +eyJ0eXAiOiJK... +``` + +3. Execute the command referencing these vars to set the license using the [License](/compute/api/post-settings-license/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -H "Authorization: Bearer $TOKEN" \ + -H "Content-Type: application/json" \ + -d $LICENSE_KEY \ + https://localhost:8083/api/v/settings/license +``` + +The result should be 200 OK with an empty body "{}". diff --git a/products/compute/api/32-05/stable-endpoints.md b/products/compute/api/32-05/stable-endpoints.md new file mode 100644 index 000000000..9515c2f83 --- /dev/null +++ b/products/compute/api/32-05/stable-endpoints.md @@ -0,0 +1,101 @@ +--- +id: stable-endpoints +title: Supported Endpoints +--- + +With every release, the Compute APIs are versioned to indicate the release number to which they correspond. +The version-specific APIs are supported for the subsequent two major releases. + +With API versioning, as your Console is upgraded to newer versions, you can continue to use older versioned APIs with stability and migrate to newer version APIs at your convenience within the N-2 support lifecycle. + +The deployment scripts and Twistcli that you download from Console, uses the APIs associated with the specific version of Console. + +### Previous API Versions of Prisma Cloud Compute Edition + +All minor or maintenance versions (xx) of 32.xx release have n-2 support for backward compatibility. The documentation for all the supported releases is available at: + +* [Prisma Cloud Compute Edition - Latest](/compute/api/) + +## Versioning + +The Compute API is versioned as follows: + +`/api/vX/route` + +Where: + +- `v1` - Always points to the latest API. This represents a larger set of APIs. Only the following v1 endpoints are supported and documented: + - api/v1/certs/ca.pem, get + - api/v1/certs/server-certs.sh, get + - api/v1/cloud/discovery/entities, get + - api/v1/registry/webhook/webhook, delete + - api/v1/registry/webhook/webhook, post + - api/v1/signup, post + - api/v1/util/prisma-cloud-jenkins-plugin.hpi, get + - api/v1/util/tas-tile, get + +- `vVersion` - Points to a version-specific API, where `Version` specifies the major and minor parts of a release's version string. + +As a best practice, update your scripts to use the version-specific API endpoints to ensure that your implementation is fully supported. +For the version-specific APIs, you will have access to the API Reference and Release Notes documentation for changes or updates that may impact you. + +When using the version-specific endpoints, you will need to update your automation scripts approximately once a year to stay in sync with the product [Support lifecycle for connected components](https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/support-lifecycle). If you are upgraded to Darwin, see [Support Lifecycle for Connected Components](https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/support-lifecycle). + +Starting with version 30.xx, each maintenance release (like 30.01, 30.02, and so on) may contain new features and improvements. As a result, the URLs for the APIs will be updated to reflect the version. + +You can continue to use different .xx versions of the API for your automation requirements, as we’ll continue to support backward compatibility for two major releases, including minor (maintenance) release versions before the current one (n-2). For example, while on build 30.01, you can continue to use the API paths such as api/v30.00, api/v22.12, and api/v22.06 due to backward compatibility. + +Though we recommend you to update scripts to use the current or new API paths, you won't need to worry about making changes to your code immediately when a new major or minor (maintenance) release is announced. + +**Note**: If you have a mixed environment of different Defenders versions, then use the version of the API that matches the earliest version. + +If you use the /v1 APIs, Palo Alto Networks recommends that you consider revising your scripts to target the versioned API endpoints. +If you opt to continue using the v1 API endpoints, adhere to the following guidelines: + +- Review the list of v1 endpoints you are using and make sure the corresponding versioned endpoints are available. +- If you are using an API that is only in the /v1 category and does not have a corresponding versioned API, you must review your implementation and update your scripts to ensure that you do not experience a disruption. +- If you are using /v1 endpoints that are unsupported and not versioned, you can submit a feature request. + Your request to support the endpoint will be considered when planning the product roadmap for future releases. + +## Supported Endpoints + +The API Reference documentation includes the supported endpoints only. +You can download a copy of the OpenAPI spec file from the Prisma Cloud Compute Console. The spec file lists all available endpoints, including unsupported endpoints. +Use the supported endpoints to ensure stability. +As the unsupported endpoints are not documented for use, they are subject to change, deprecation, or removal without notice. + +In the OpenAPI spec file, supported endpoints are tagged as supported. +For example, the `POST /api/vX/authenticate` endpoint is tagged as follows: + +``` +"tags": [ + "Authenticate", + "Supported API" +] +``` + +## Supported Endpoint Categories + +Supported endpoints tend to fall into one of the following categories: + +- Reporting endpoints +- Config-as-code +- Deployment and config + +### Reporting Endpoints + +Reporting API calls are the ones used to download the health or scan data such as vulnerabilities/compliance/runtime. +Access to the underlying data in JSON and CSV formats allows customers to easily access and transform data into business intelligence in the forms that meet their needs. +The output may be human-readable reports or, in other cases, the reporting data may feed automated decisions and processes. + +These are mostly under the **Monitor** section in the Compute Console. + +### Config-as-Code + +Configuration as code is the formal migration of config between environments, backed by a version control system. +Customers who want to programmatically store and manage the configuration of infrastructure components can automate these components using the same approaches as production code and services. + +### Deployment and Config + +Deployment and config endpoints are essential to automate the installation of Console, Defenders, as well as any configuration that deals with integrations. +These are useful to those who base their management of environments on automation, using tools such as Ansible, Puppet, Terraform, etc to define desired configurations. \ No newline at end of file diff --git a/products/compute/api/32-05/welcome-prisma-cloud-apis.md b/products/compute/api/32-05/welcome-prisma-cloud-apis.md new file mode 100644 index 000000000..827b16473 --- /dev/null +++ b/products/compute/api/32-05/welcome-prisma-cloud-apis.md @@ -0,0 +1,125 @@ +--- +id: compute-api-reference-home +title: Welcome to the Compute APIs +slug: /compute/api/32-05 +keywords: + - Developer + - Prisma + - Prisma Cloud + - Reference + - API +--- + +### About + +The Prisma Cloud Workload Protection REST API lets you automate workflows and integrate with external systems. +Use the API to: + +- Set up, configure, reconfigure, and deploy Prisma Cloud Compute components to secure your hosts, containers, and serverless functions against vulnerabilities, malware, and compliance violations. +- Extract the security data that Prisma Cloud Compute has collected about your environment and send it to your monitoring, alerting, and reporting systems. + +### How to find your version + +To find the the version of Prisma Cloud Workload Protection that you're running: + +1. Log into your Prisma Cloud Compute console. + +2. Click the bell icon in the top right of the page. + + The drop-down shows the currently running version: + + ![Console screenshot](/img/compute-version.png) + +### cURL Examples + +All the cURL examples in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +The Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +- **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ```bash + $ https://:8083 + ``` + +- **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ```bash + $ https://:8083 + ``` + +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL command can be modified to use any of the following: + +- **Authentication Token:** Use the `-H` option to pass the authentication token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint into the request header. + +For example, replace `` with the token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/vVERSION/ +``` + +- **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/vVERSION/ +``` + +- **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/vVERSION/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. + +### Paginated Responses + +Paginated API requests are capped to a max of 250 returned objects because very large responses could DoS Console. The default value is 50 objects per page. + +If the response contains more than 250 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. + +For example: + +```bash +$ https:///api/v/images?limit=250&offset=X +``` + +### API Rate Limits + +Rate limiting is applied to some endpoints. The documentation for each such endpoint has details of the rate limits enforced on it. For example, [Get Container Scan Results](https://pan.dev/prisma-cloud/api/cwpp/get-containers/). + +### View parameter descriptions + +The parameter descriptions are available for each endpoint. The body or query (wherever applicable) parameters are listed after the endpoint description. +The response parameters are hidden under the label `Response` 200. + +Click `>` to view hidden parameters. + +#### View API endpoint parameters + +![Expand Body Parameters](/img/expandingbodyparameters.gif) + +#### View API endpoint response parameters + +![Expand Response Parameters](/img/expandingresponse.gif) diff --git a/products/compute/sidebars.js b/products/compute/sidebars.js index 5cedfef75..8a2f80de3 100644 --- a/products/compute/sidebars.js +++ b/products/compute/sidebars.js @@ -15,7 +15,7 @@ module.exports = { { type: "html", defaultStyle: true, - value: versionCrumb(`32-05`), + value: versionCrumb(`32-06`), }, "compute/api/compute-api-reference-home", "compute/api/access-api-self-hosted", @@ -59,20 +59,6 @@ module.exports = { "compute/api/30-03/stable-endpoints", require("./api/30-03/sidebar"), ], - compute_3201: [ - { - type: "category", - label: "Prisma Cloud Compute Edition - 32.01", - collapsed: true, - items: [ - "compute/api/32-01/compute-api-reference-home", - "compute/api/32-01/access-api-self-hosted", - "compute/api/32-01/set-up-console", - "compute/api/32-01/stable-endpoints", - require("./api/32-01/sidebar"), - ], - }, - ], compute_3202: [ { type: "category", @@ -115,4 +101,18 @@ module.exports = { ], }, ], + compute_3205: [ + { + type: "category", + label: "Prisma Cloud Compute Edition - 32.05", + collapsed: true, + items: [ + "compute/api/32-05/compute-api-reference-home", + "compute/api/32-05/access-api-self-hosted", + "compute/api/32-05/set-up-console", + "compute/api/32-05/stable-endpoints", + require("./api/32-05/sidebar"), + ], + }, + ], }; diff --git a/products/prisma-cloud/docs/cwpp/deploy_defender.md b/products/prisma-cloud/docs/cwpp/deploy_defender.md index 900039fa0..48a461292 100644 --- a/products/prisma-cloud/docs/cwpp/deploy_defender.md +++ b/products/prisma-cloud/docs/cwpp/deploy_defender.md @@ -41,7 +41,7 @@ Secure your workloads, tasks (apps) by embedding a Defender into the workloads. ### Manual Deployment: Use this deployment when you want to secure all tasks (apps) or workloads in a cloud container irrespective of whether the containers are self-managed, Amazon ECS managed, or docker managed. -1. Download the App Embedded Defender bundle by using the [App Embedded Defender](/prisma-cloud/api/cwpp/get-images-twistlock-defender-app-embedded-tar-gz) ![alt text](/icons/api-icon-pan-dev.svg) endpoint: +1. Download the App Embedded Defender bundle by using the [App Embedded Defender](https://pan.dev/prisma-cloud/api/cwpp/get-images-twistlock-defender-app-embedded-tar-gz) ![alt text](/icons/api-icon-pan-dev.svg) endpoint: ```bash $ curl -sSL -k --header "authorization: Bearer " https:///api/v/images/twistlock_defender_app_embedded.tar.gz -O @@ -72,7 +72,7 @@ Choose your template for deployment based on whether you wish to secure applicat #### Native template: Use this cURL sample request to protect a Amazon ECS Fargate task definition in native format. -- Generate a protected task definition using the [Defender Fargate](prisma-cloud/api/cwpp/post-defenders-fargate-json/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint: +- Generate a protected task definition using the [Defender Fargate](https://pan.dev/prisma-cloud/api/cwpp/post-defenders-fargate-json/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint: ```bash $ curl -k \ @@ -87,7 +87,7 @@ Use this cURL sample request to protect a Amazon ECS Fargate task definition in #### CloudFormation template (in JSON): Use this cURL sample request to protect a Amazon ECS Fargate task definition in CloudFormation template in JSON. -- Generate a protected template using the [Defender Fargate](prisma-cloud/api/cwpp/post-defenders-fargate-json/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. +- Generate a protected template using the [Defender Fargate](https://pan.dev/prisma-cloud/api/cwpp/post-defenders-fargate-json/)![alt text](/icons/api-icon-pan-dev.svg) endpoint. ```bash $ curl -k \ @@ -103,7 +103,7 @@ Use this cURL sample request to protect a Amazon ECS Fargate task definition in #### CloudFormation template (in YAML): Use this cURL sample request to protect a Amazon ECS Fargate task definition in CloudFormation template in YAML. -- Generate a protected template using the [Defender Fargate](prisma-cloud/api/cwpp/post-defenders-fargate-yaml/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. +- Generate a protected template using the [Defender Fargate](https://pan.dev/prisma-cloud/api/cwpp/post-defenders-fargate-yaml/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. ```bash $ curl -k \ @@ -120,7 +120,7 @@ Use this cURL sample request to protect a Amazon ECS Fargate task definition in Use this deployment when you want to secure applications (or tasks) in docker managed containers. -1. Deploy using the [App Embedded Defender](prisma-cloud/api/cwpp/post-defenders-app-embedded/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. +1. Deploy using the [App Embedded Defender](https://pan.dev/prisma-cloud/api/cwpp/post-defenders-app-embedded/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. 2. Enter or assign values for the following mandatory fields in the cURL example below: - appID: ID of the application. @@ -152,7 +152,7 @@ You can protect the Azure and AWS serverless functions by directly embedding the ### AWS Serverless (Lambda Layers) Deployment Use this deployment to embed Defender to AWS Lambda Layers so that all serverless functions are invoked with security. -1. Download the Serverless Defender bundle for AWS Lambda layer by using the [Serverless Defender](prisma-cloud/api/cwpp/post-images-twistlock-defender-layer-zip/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. +1. Download the Serverless Defender bundle for AWS Lambda layer by using the [Serverless Defender](https://pan.dev/prisma-cloud/api/cwpp/post-images-twistlock-defender-layer-zip/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. Specify the function name, runtime, and region in the following API cURL request: @@ -172,7 +172,7 @@ Use this deployment to embed Defender to AWS Lambda Layers so that all serverles ### AWS Serverless (Embedded) Use this deployment to embed Defender to secure each AWS Lambda function. -1. Download the Serverless Defender bundle by using the [Serverless Defender](prisma-cloud/api/cwpp/post-defenders-serverless-bundle/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. +1. Download the Serverless Defender bundle by using the [Serverless Defender](https://pan.dev/prisma-cloud/api/cwpp/post-defenders-serverless-bundle/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. Specify the runtime*, provider*, function name, and region. @@ -236,7 +236,7 @@ Use this deployment to embed Defender to secure each AWS Lambda function. #### Azure serverless Use this deployment to embed Defender to secure each Azure serverless function. -1. Download the Serverless Defender bundle by using the [Serverless Defender](prisma-cloud/api/cwpp/post-defenders-serverless-bundle/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. +1. Download the Serverless Defender bundle by using the [Serverless Defender](https://pan.dev/prisma-cloud/api/cwpp/post-defenders-serverless-bundle/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. Specify the runtime*, provider*, function name, and region. @@ -279,4 +279,3 @@ Use this deployment to embed Defender to secure each Azure serverless function. 5. Generate the value for the **TW_POLICY** environment variable by specifying your serverless function's name (defined in key-value pair). - diff --git a/products/prisma-cloud/docs/cwpp/view_registry_scan.md b/products/prisma-cloud/docs/cwpp/view_registry_scan.md index 181e1b5de..deaf13254 100644 --- a/products/prisma-cloud/docs/cwpp/view_registry_scan.md +++ b/products/prisma-cloud/docs/cwpp/view_registry_scan.md @@ -1,5 +1,5 @@ --- -id: vuln-registry-scan +id: view-registry-scan title: Get Vulnerability Report for a Registry Scan sidebar_position: 7 --- @@ -17,6 +17,7 @@ You can configure the following registries: * Docker Trusted Registry: `dtr` * Google Container Registry: `gcr` * GitLab Container Registry: `gitlab` +* Harbor Registry: `harbor` * IBM Cloud Container Registry: `bluemix` * JFrog Artifactory: `jfrog` * Red Hat OpenShift: `redhat` @@ -33,7 +34,6 @@ After you configure, Prisma Cloud automatically scans images for vulnerabilities This guide shows how to get vulnerability report for container images stored in different registries. For more information about registry scan, see [Configure Registry Scan](https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning). If you are upgraded to Darwin, see [Configure Registry Scan](https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/configure-registry-scanning). - ***Prerequisite***: * Make sure that you have deployed a Defender. For more details, see the [Deploying Defender](/prisma-cloud/docs/cwpp/deploy-defenders/) workflow. @@ -47,13 +47,13 @@ This guide shows how to get vulnerability report for container images stored in ::: **Follow these steps:** -1. [Set Up and Add Registry Settings](#set-up-and-add-registry-settings) -2. [Initiate Registry Scan](#initiate-registry-scan) -3. [View Registry Scan Progress](#view-registry-scan-progress) -4. [Check Scan Status (Available only for Regular or Periodic Scans)](#check-regular-or-periodic-scan-status) -5. [Retrieve Scan Reports](#retrieve-the-registry-scan-reports) +- [1. Set Up and Add Registry Settings](#1-set-up-and-add-registry-settings) +- [2. Initiate Registry Scan](#2-initiate-registry-scan) +- [3. View Registry Scan Progress](#3-view-registry-scan-progress) +- [4. Check Scan Status](#4-check-scan-status) +- [5. Retrieve the Registry Scan Reports](#5-retrieve-the-registry-scan-reports) -## Set Up and Add Registry Settings +## 1. Set Up and Add Registry Settings Add the registry entries to set up the scan by using the [POST, registry settings](/prisma-cloud/api/cwpp/post-settings-registry/) ![alt text](/icons/api-icon-pan-dev.svg): @@ -78,9 +78,9 @@ Add the registry entries to set up the scan by using the [POST, registry setting 'https:///api/v/settings/registry' ``` -> **Note:** You can view the settings by using [GET, registry settings](/prisma-cloud/api/cwpp/get-settings-registry/) ![alt text](/icons/api-icon-pan-dev.svg) and update by using [PUT, registry settings](prisma-cloud/api/cwpp/put-settings-registry/) ![alt text](/icons/api-icon-pan-dev.svg) if needed. +> **Note:** You can view the settings by using [GET, registry settings](/prisma-cloud/api/cwpp/get-settings-registry/) ![alt text](/icons/api-icon-pan-dev.svg) and update by using [PUT, registry settings](/prisma-cloud/api/cwpp/put-settings-registry/) ![alt text](/icons/api-icon-pan-dev.svg) if needed. -## Initiate Registry Scan +## 2. Initiate Registry Scan Start the on-demand registry scan by adding the required request parameters in [POST, registry scan](/prisma-cloud/api/cwpp/post-registry-scan/) ![alt text](/icons/api-icon-pan-dev.svg): @@ -95,7 +95,7 @@ Start the on-demand registry scan by adding the required request parameters in [ > **Note:** You can initiate a regular or periodic scan with the same API by not using the `onDemandScan` parameter or setting it up to `false` in the request body. -## View Registry Scan Progress +## 3. View Registry Scan Progress View the on-demand registry scan progress by using the same request parameters in [GET, registry scan progress](/prisma-cloud/api/cwpp/get-registry-progress/) ![alt text](/icons/api-icon-pan-dev.svg). @@ -137,7 +137,7 @@ View the on-demand registry scan progress by using the same request parameters i ``` > **Note:** You can view the progress of a regular or periodic registry scan without using the query parameters. -## Check Scan Status +## 4. Check Scan Status Check the status of a regular registry scan with [GET, registry status](/prisma-cloud/api/cwpp/get-statuses-registry/) ![alt text](/icons/api-icon-pan-dev.svg): @@ -161,7 +161,7 @@ Check the status of a regular registry scan with [GET, registry status](/prisma- > **Note:** You can also stop an ongoing registry scan with [POST, stop registry scan](/prisma-cloud/api/cwpp/post-registry-stop/) ![alt text](/icons/api-icon-pan-dev.svg) if needed. -## Retrieve the Registry Scan Reports +## 5. Retrieve the Registry Scan Reports Retrieve the registry scan reports with [GET, download registry scan results](/prisma-cloud/api/cwpp/get-registry-download/) ![alt text](/icons/api-icon-pan-dev.svg). @@ -175,4 +175,4 @@ Retrieve the registry scan reports with [GET, download registry scan results](/p > registry_report.csv ``` -> **Note:** You can also view the registry scan report in JSON format with [GET, registry scan results](/prisma-cloud/api/cwpp/get-registry/) ![alt text](/icons/api-icon-pan-dev.svg). +> **Note:** You can also view the registry scan report in JSON format with [GET, registry scan results](/prisma-cloud/api/cwpp/get-registry/) ![alt text](/icons/api-icon-pan-dev.svg). \ No newline at end of file diff --git a/products/sase/sidebars.js b/products/sase/sidebars.js index e24632b2d..f04d36ce3 100644 --- a/products/sase/sidebars.js +++ b/products/sase/sidebars.js @@ -184,6 +184,7 @@ module.exports = { collapsed: true, items: [ "access/docs/insights/insights", + "access/docs/insights/getting_started-30", "access/docs/insights/getting_started-20", "access/docs/insights/getting_started-10", { diff --git a/src/components/Medium/index.js b/src/components/Medium/index.js index 4b0eb8eb0..3a5622ed6 100644 --- a/src/components/Medium/index.js +++ b/src/components/Medium/index.js @@ -63,8 +63,8 @@ function Medium() { const cardImgSrc = blog.thumbnail || - (blog.content.match(/]+src="([^">]+)"/) - ? blog.content.match(/]+src="([^">]+)"/)[1] + (blog.content_html.match(/]+src="([^">]+)"/) + ? blog.content_html.match(/]+src="([^">]+)"/)[1] : null); return ( @@ -80,14 +80,14 @@ function Medium() {

{blog.title}

- By: {blog.author} + By: {blog.author?.name}


- {() =>

{getFirstParagraph(blog.content)}

} + {() =>

{getFirstParagraph(blog.content_html)}

}
@@ -96,7 +96,7 @@ function Medium() { diff --git a/src/components/ProductLandingPage/Feeds/Feeds.js b/src/components/ProductLandingPage/Feeds/Feeds.js index f5b3d3d5c..640ec4b6d 100644 --- a/src/components/ProductLandingPage/Feeds/Feeds.js +++ b/src/components/ProductLandingPage/Feeds/Feeds.js @@ -11,11 +11,12 @@ function Feeds() { const hashicorpFeeds = feedsJson.items.slice(2, 6); const filterMediumTerraform = (item) => { - const categories = item.categories; + const title = item.title; + const content_html = item.content_html; - for (let i = 0; i < categories.length; i++) { - if (categories[i].toLowerCase().includes("terraform")) return true; - } + if (title && title.toLowerCase().includes("terraform")) return true; + if (content_html && content_html.toLowerCase().includes("terraform")) + return true; }; const filteredMediumTerraform = mediumFeedsJson.items.filter( @@ -35,12 +36,12 @@ function Feeds() { {imageFeeds.map((feed, i) => { const cardImageSrc = feed.thumbnail || - (feed.content.match(/]+src="([^">]+)"/) - ? feed.content.match(/]+src="([^">]+)"/)[1] + (feed.content_html.match(/]+src="([^">]+)"/) + ? feed.content_html.match(/]+src="([^">]+)"/)[1] : null); return ( - +
{feeds.map((feed, i) => (
  • - {feed.title} + {feed.title}